Hi guys, Just got this from a security mailing list. This would be helpful to people running tomcat. I've never used it though. Just saw from PLUG's previous thread.
----- Tomcat Real Path Disclosure Vulnerability A security vulnerability in Tomcat allows remote attackers to determine the true path used by the remote web server. This would assist an attacker in better constructing more harmful attacks. Vulnerable systems: Tomcat version 4.0.1 Immune systems: Tomcat version 3.2.3 Example: Accessing any of the following URLs will reveal the true patch of where the file is stored: http://tomcat4.1/+/index.jsp http://tomcat4.1/>/index.jsp http://tomcat4.1/%20/index.jsp http://tomcat4.1/</index.jsp neil camara ([EMAIL PROTECTED]) - cc{na|sa}, mcse - pgp 0x777777B2 network/security engineer - dl := +1(847)2.21.0.224 cn := +1(847)9.80.17.53 echo "I love windows" | sed -e 's/wi/u/g' | cut -f1 -dd | \ awk '/u/ {printf("%s %s %six\n",$1,$2,$3)}' _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
