A co-worker that supports a federal sight just got an e-mail
from their admins indicating that his site is exposing jsp
source code when they appent %0008 to the end of their URLs.
The view source shows his exact pages.
He is using Tomcat 4.1.30 and JDK 1.4.2_05
I tired it on my servers (TC
I've just been trying to confrm the vulnerability without any luck.
Any place in the wild where we could find such a problem?
I've tried replacing:
http://www.server.dom/jsp/test.jsp
with:
http://www.server.dom/jsp/test.jsp%0008
in a number of setups without any results.
Cheers,
Michiel
Norris
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 16, 2005 9:27 AM
To: Tomcat
Subject: percent 0008 exploit
A co-worker that supports a federal sight just got an e-mail
from their admins indicating that his site is exposing jsp
source code when they appent %0008 to the end
: Wednesday, February 16, 2005 9:27 AM
To: Tomcat
Subject: percent 0008 exploit
A co-worker that supports a federal sight just got an e-mail
from their admins indicating that his site is exposing jsp
source code when they appent %0008 to the end of their URLs.
The view source shows his
(wasn't it?)
Mike Curwen
-Original Message-
From: Norris Shelton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 16, 2005 9:27 AM
To: Tomcat
Subject: percent 0008 exploit
A co-worker that supports a federal sight just got an e-mail
from their admins indicating that his site
-
From: Norris Shelton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 16, 2005 9:27 AM
To: Tomcat
Subject: percent 0008 exploit
A co-worker that supports a federal sight just got an e-mail
from their admins indicating that his site is exposing jsp
source code when they appent