Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: jws3.htm

JavaWebServer break out of web root



Vulnerability

    Java Web Server

Affected

    Java Web Server

Description

    Joe Testa found following.  A vulnerability exists which allows  a
    remote user to break out of the web root using relative paths (ie:
    '..', '...').

        http://localhost/../[file outside web root]
        http://localhost/.../[file outside web root]

Solution

    No quick fix is possible.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH