Vulnerability Development mailing list archives
Other Web Servers vulnerable to %3f.jsp directory listing
From: Slow2Show <sl2sho () yahoo com>
Date: 30 Nov 2001 12:12:04 -0000
I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the %3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server: Jetty/3.1.RC8 (Linux 2.2.16-22enterprise x86) Servlet-Engine: Jetty/3.1 (JSP 1.1; Servlet 2.2; java 1.3.0) HTTP/1.1 200 OK Date: Fri, 30 Nov 2001 04:00:20 GMT Server: Apache/1.3.20 (Linux/SuSE) mod_jk Last-Modified: Thu, 01 Nov 2001 21:20:47 GMT HTTP/1.1 302 Found Date: Fri, 30 Nov 2001 04:03:07 GMT Server: Apache/1.3.14 (Unix) PHP/4.0.6 ApacheJServ/1.1.2 Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1. 5.8 sparc; java.vendor=Sun Microsystems Inc.)
Current thread:
- Other Web Servers vulnerable to %3f.jsp directory listing Slow2Show (Nov 30)