I tried to test this security vulnerability on my Tomcat 4.0.4 (alone) setup but wasn't able to view my JSP files as claimed.

According to http://online.securityfocus.com/archive/1/292936/2002-09-21/2002-09-27/0, if my JSP file is accessible via http://donor.ucsd.edu:7873/ccdb/experiment/index.jsp then I should be able to view my source. However, I tried 2 different URLs (http://donor.ucsd.edu:7873/ccdb/experiment/org.apache.catalina.servlets.DefaultServlet/index.jsp and http://donor.ucsd.edu:7873/org.apache.catalina.servlets.DefaultServlet/ccdb/experiment/index.jsp) and all I got was a Tomcat 404 error page.

Has anyone actually been able to view their JSP source via this vulnerability?

Mona

==================================================================
Mona Wong-Barnum
National Center for Microscopy and Imaging Research
University of California, San Diego
http://ncmir.ucsd.edu/

"The truth shall set you free, but first it will piss you off"
                                A Landmark instructor
==================================================================


