Loading ...
Sorry, an error occurred while loading the content.

RE: !!!!!!

Expand Messages
  • Alan Tam
    Hi, all I m also experienced the same problem.... Is it a bugs? Alan Tam Systems Consultant
    Message 1 of 6 , Aug 31, 2000
    View Source
    • 0 Attachment
      Hi, all

      I'm also experienced the same problem....
      Is it a bugs?

      Alan Tam
      Systems Consultant


      ***************************************************************************
      iMVEC
      1408-1409 Office Tower, Convention Plaza,
      1 Harbour Road, Wanchai, Hong Kong
      E-mail: alan@...
      Direct Tel: (852) 25806219 Fax No: (852) 26357610
      ***************************************************************************


      -----Original Message-----
      From: Antoine Oberlaender
      [mailto:aoberlaender@...]
      Sent: Friday, September 01, 2000 3:44 AM
      To: JRUN Talk
      Subject: !!!!!!

      hi again !

      when you write url with a / at the end it shows the source
      !!!

      eg : 123.123.123.1/index.jsp/ - > give the source code
      !!!

      that IS a SERIOUS probleme !

      any idea ???

      thanks a lot!
      --
      ----------------------------------------------
      Antoine Oberlaender
      Capella Technologies - Montreal
      aoberlaender@...



      ----------------------------------------------------------------------------
      --
      Archives: http://www.egroups.com/group/jrun-interest/
      Unsubscribe:
      http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
      or send a message to jrun-talk-request@...
      with 'unsubscribe' in the body.
      ------------------------------------------------------------------------------
      Archives: http://www.egroups.com/group/jrun-interest/
      Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
      or send a message to jrun-talk-request@... with 'unsubscribe' in the body.
    • Hiroshi Okugawa
      Hi, all This problem has already been reported. Please, refer following url. http://www.allaire.com/security ASB00-19: Patch available for JRun trailing
      Message 2 of 6 , Sep 1, 2000
      View Source
      • 0 Attachment
        Hi, all

        This problem has already been reported.
        Please, refer following url.
        http://www.allaire.com/security

        <cite>
        ASB00-19: Patch available for JRun trailing character JSP source code disclosure issue
        Affects:
        JRun 2.3.x (all editions)
        JRun 3.0 (all editions)
        </cite>

        --
        Sirius, Inc.
        Hiroshi Okugawa <okugawa@...>


        In message "!!!!!!"
        At Thu, 31 Aug 2000 15:44:05 -0400
        Antoine Oberlaender <aoberlaender@...>-san writes.
        Message-ID: <39AEB585.4AA8F7D4@...>
        |hi again !
        |
        |when you write url with a / at the end it shows the source !!!
        |
        |eg : 123.123.123.1/index.jsp/ - > give the source code !!!
        |
        |that IS a SERIOUS probleme !
        |
        |any idea ???
        |
        |thanks a lot!


        --
        Sirius, Inc.
        Hiroshi Okugawa <okugawa@...>
        ------------------------------------------------------------------------------
        Archives: http://www.egroups.com/group/jrun-interest/
        Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
        or send a message to jrun-talk-request@... with 'unsubscribe' in the body.
      • Geoff Soutter
        sure looks like it to me Also, assuming you re running JRun on Windoze, I think it s a result of the way that M$ handles path names. ASP had lots of problems
        Message 3 of 6 , Sep 1, 2000
        View Source
        • 0 Attachment
          sure looks like it to me

          Also, assuming you're running JRun on Windoze, I think it's a result of the
          way that M$ handles path names. ASP had lots of problems like this. Unless
          Allaire took steps to avoid these kinds of problems (and it appears they
          didn't), we might end up finding they are also vulnerable to lots of similar
          problems, like appending '.' or '::$DATA' to the end (from memory).

          cheers

          Geoff

          ----- Original Message -----
          From: "Antoine Oberlaender" <aoberlaender@...>
          To: "JRUN Talk" <jrun-talk@...>
          Sent: Friday, September 01, 2000 5:44 AM
          Subject: !!!!!!


          > hi again !
          >
          > when you write url with a / at the end it shows the source !!!
          >
          > eg : 123.123.123.1/index.jsp/ - > give the source code !!!
          >
          > that IS a SERIOUS probleme !
          >
          > any idea ???
          >
          > thanks a lot!
          > --
          > ----------------------------------------------
          > Antoine Oberlaender
          > Capella Technologies - Montreal
          > aoberlaender@...
          >
          >
          > --------------------------------------------------------------------------
          ----
          > Archives: http://www.egroups.com/group/jrun-interest/
          > Unsubscribe:
          http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
          > or send a message to jrun-talk-request@... with
          'unsubscribe' in the body.
          >

          ------------------------------------------------------------------------------
          Archives: http://www.egroups.com/group/jrun-interest/
          Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
          or send a message to jrun-talk-request@... with 'unsubscribe' in the body.
        • Mike Hogarth
          As a short term workaround, you might use the JSP compiler that was included with JRun. Of course, that won t be useful if you are hosting JSP capability for
          Message 4 of 6 , Sep 1, 2000
          View Source
          • 0 Attachment
            As a short term workaround, you might use the JSP compiler that was included with JRun. Of course, that won't be useful if you are hosting JSP capability for others.
            --Mike H

            *********** REPLY SEPARATOR ***********

            On 9/1/00 at 7:07 PM Geoff Soutter wrote:

            >sure looks like it to me
            >
            >Also, assuming you're running JRun on Windoze, I think it's a result of the
            >way that M$ handles path names. ASP had lots of problems like this. Unless
            >Allaire took steps to avoid these kinds of problems (and it appears they
            >didn't), we might end up finding they are also vulnerable to lots of similar
            >problems, like appending '.' or '::$DATA' to the end (from memory).
            >
            >cheers
            >
            >Geoff
            >
            >----- Original Message -----
            >From: "Antoine Oberlaender" <aoberlaender@...>
            >To: "JRUN Talk" <jrun-talk@...>
            >Sent: Friday, September 01, 2000 5:44 AM
            >Subject: !!!!!!
            >
            >
            >> hi again !
            >>
            >> when you write url with a / at the end it shows the source !!!
            >>
            >> eg : 123.123.123.1/index.jsp/ - > give the source code !!!
            >>
            >> that IS a SERIOUS probleme !
            >>
            >> any idea ???
            >>
            >> thanks a lot!
            >> --
            >> ----------------------------------------------
            >> Antoine Oberlaender
            >> Capella Technologies - Montreal
            >> aoberlaender@...
            >>
            >>
            >> --------------------------------------------------------------------------
            >----
            >> Archives: http://www.egroups.com/group/jrun-interest/
            >> Unsubscribe:
            >http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
            >> or send a message to jrun-talk-request@... with
            >'unsubscribe' in the body.
            >>
            >
            >------------------------------------------------------------------------------
            >Archives: http://www.egroups.com/group/jrun-interest/
            >Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
            >or send a message to jrun-talk-request@... with 'unsubscribe' in the body.



            ------------------------------------------------------------------------------
            Archives: http://www.egroups.com/group/jrun-interest/
            Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
            or send a message to jrun-talk-request@... with 'unsubscribe' in the body.
          • Chris Heinemann
            Message 5 of 6 , Sep 1, 2000
            View Source
            • 0 Attachment
              This is a known secuirty bug and there is a fix in the security zone.  I would suggest signing up for the security announcements.  I believe it is also fixed in the SP (now in canidate release).
              .

              --Chris Heinemann
              Internet Administrator, Horace Mann

              Antoine Oberlaender wrote:

              hi again !

              when you write url with a / at the end it shows the source !!!

              eg : 123.123.123.1/index.jsp/     - >  give the source code !!!

              that IS a SERIOUS probleme !

              any idea ???

              thanks a lot!
              --
              ----------------------------------------------
              Antoine Oberlaender
              Capella Technologies - Montreal
              aoberlaender@...

              ------------------------------------------------------------------------------
              Archives: http://www.egroups.com/group/jrun-interest/
              Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
              or send a message to jrun-talk-request@... with 'unsubscribe' in the body.

            Your message has been successfully submitted and would be delivered to recipients shortly.