Thanks for the reply. I'd post it back to the security mailing list where I got it.
----- Original Message ----- From: "Jessie Evangelista" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 22, 2002 6:29 PM Subject: Re: [plug] Tomcat Update > I use tomcat everyday, tried the urls below ... they don't work .... > > >Hi guys, > > > >Just got this from a security mailing list. > >This would be helpful to people running tomcat. I've never used it though. > >Just saw from PLUG's previous thread. > > > >----- > >Tomcat Real Path Disclosure Vulnerability > > > >A security vulnerability in Tomcat allows remote attackers to determine the > >true path used by the remote web server. This would assist an attacker in > >better constructing more harmful attacks. > > > >Vulnerable systems: > >Tomcat version 4.0.1 > > > >Immune systems: > >Tomcat version 3.2.3 > > > >Example: > >Accessing any of the following URLs will reveal the true patch of where the file is stored: > >http://tomcat4.1/+/index.jsp > >http://tomcat4.1/>/index.jsp > >http://tomcat4.1/%20/index.jsp > >http://tomcat4.1/</index.jsp > > > > > >neil camara ([EMAIL PROTECTED]) - cc{na|sa}, mcse - pgp 0x777777B2 > >network/security engineer - dl := +1(847)2.21.0.224 cn := +1(847)9.80.17.53 > > echo "I love windows" | sed -e 's/wi/u/g' | cut -f1 -dd | \ > > awk '/u/ {printf("%s %s %six\n",$1,$2,$3)}' > >_ > >Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > >To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > > >To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED] > > > > > > > -- > > > ============================================================ > Jessie Evangelista<[EMAIL PROTECTED]> > Developer, SMetrix Inc. ,Philippines > Tel no.: +6328438064 > ============================================================ > > > > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED] > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
