From lovehacker@263.NET Mon Apr 2 05:16:30 2001
From: lovehacker
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Sat, 31 Mar 2001 06:26:33 -0000
Subject: [BUGTRAQ] CHINANSL Security Advisory(CSA-200108)

Topic:
Tomcat 3.2.1 for win2000 Directory traversal Vulnerability

Vulnerable:
Tomcat 3.2.1 for win2000; possibly other operating systems as well.

Discussion:
A security vulnerability has been found in Windows NT/2000 systems that have Tomcat 3.2.1 installed. The vulnerability allows remote attackers to access files outside the document root directory scope.

Exploits:
http://target:8080/%2e%2e/%2e%2e/%00.jsp

It is possible to cause the Tomcat server to produce a listing outside the document root directory scope.

Solution:
None

Copyright 2000-2001 CHINANSL. All Rights Reserved. Terms of use.

CHINANSL Security Team
CHINANSL INFORMATION TECHNOLOGY CO.,LTD
(http://www.chinansl.com)
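
Added example, not part of the original advisory: a log check that flags request paths which, once percent-decoded, contain a ".." segment or a NUL byte, the two elements of the URL shown above. It goes slightly beyond that one URL by decoding repeatedly and by treating backslashes as separators; the function names, the Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path

def traversal_indicators(target):
    """Return the reasons a request target matches the advisory's pattern."""
    path = target.split("?", 1)[0]          # ignore the query string
    decoded = fully_decode(path)
    reasons = []
    if ".." in re.split(r"[/\\]", decoded):  # whole segment, not a substring
        reasons.append("dot-dot segment")
    if "\x00" in decoded:
        reasons.append("NUL byte in path")
    return reasons

def scan(lines):
    """Return (line_number, target, reasons) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = traversal_indicators(match.group("target"))
        if reasons:
            hits.append((number, match.group("target"), reasons))
    return hits

# Constructed sample log lines (addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2001:05:16:30 +0000] "GET /index.jsp HTTP/1.0" 200 1024',
    '192.0.2.44 - - [02/Apr/2001:05:17:02 +0000] "GET /%2e%2e/%2e%2e/%00.jsp HTTP/1.0" 200 2310',
    '192.0.2.44 - - [02/Apr/2001:05:17:09 +0000] "GET /%252e%252e/%252e%252e/x.jsp HTTP/1.0" 404 0',
    '192.0.2.10 - - [02/Apr/2001:05:18:00 +0000] "GET /docs/v1..2/notes.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, target, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {', '.join(reasons)}")
```

The last sample line is a benign path containing ".." inside a file name; it is not flagged because the check compares whole path segments.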