You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Jon Stevens <jo...@latchkey.com> on 2001/04/02 06:53:48 UTC

FW: CHINANSL Security Advisory(CSA-200109)

fyi.

-jon

----------
From: lovehacker <lo...@263.NET>
Reply-To: lovehacker@263.NET
Date: Mon, 2 Apr 2001 03:56:51 -0000
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: CHINANSL Security Advisory(CSA-200109)

HI Sverre:
Thanks your reply.
your website is very nice.
Today,I download Tomcat 4.0-b2 but it still can reveal
script source code by special URL.
please see CHINANSL Security Advisory (CSA-
200110).

thanks again.
lovehacker
All Rights Reserved.
http://www.chinansl.com
lovehacker@chinansl.com

> [lovehacker]
> 
> |   Topic:Tomcat 4.0-b1 for winnt/2000 show ".jsp"
> |   source Vulnerability. [...]
> 
> |   exploits:
> |   http://target:8080/examples/snp/snoop%2ejsp
> 
> This is the same problem I reported a few days
ago.  It has already
> been fixed in Tomcat 4.0 beta 2.
> 
> 
> Sverre.
> 
> --
> <UR...@thathost.com>
> <URL:http://shh.thathost.com/>
> 
>