I use tomcat everyday, tried the urls below ... they don't work .... >Hi guys, > >Just got this from a security mailing list. >This would be helpful to people running tomcat. I've never used it though. >Just saw from PLUG's previous thread. > >----- >Tomcat Real Path Disclosure Vulnerability > >A security vulnerability in Tomcat allows remote attackers to determine the >true path used by the remote web server. This would assist an attacker in >better constructing more harmful attacks. > >Vulnerable systems: >Tomcat version 4.0.1 > >Immune systems: >Tomcat version 3.2.3 > >Example: >Accessing any of the following URLs will reveal the true patch of where the file is >stored: >http://tomcat4.1/+/index.jsp >http://tomcat4.1/>/index.jsp >http://tomcat4.1/%20/index.jsp >http://tomcat4.1/</index.jsp > > >neil camara ([EMAIL PROTECTED]) - cc{na|sa}, mcse - pgp 0x777777B2 >network/security engineer - dl := +1(847)2.21.0.224 cn := +1(847)9.80.17.53 > echo "I love windows" | sed -e 's/wi/u/g' | cut -f1 -dd | \ > awk '/u/ {printf("%s %s %six\n",$1,$2,$3)}' >_ >Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph >To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > >To subscribe to the Linux Newbies' List: send "subscribe" in the body to >[EMAIL PROTECTED] > >
-- ============================================================ Jessie Evangelista<[EMAIL PROTECTED]> Developer, SMetrix Inc. ,Philippines Tel no.: +6328438064 ============================================================ _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
