Re: Odd server side scripts source disclosure vulnerability

["R. DuFresne" <dufresne () sysinfo com>]

On Fri, 20 Aug 2004, George Hedfors wrote:

> Hi
>
> > I am far from being Apache/Tomcat guru, but what comes to my mind
> > is configuration with several VirtualHosts with the same DocumentRoot
> > and the default one not interpreting jsp scripts.
>
> That could be one answer. I'll keep that in mind next time I speak to
> the client.

> From the headers sent earlier, these also look to be likely redhat or suse
realted apaches, running under a vm on one of the IBM platforms, though
likely not the s390.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------