From lovehacker@263.NET Mon Apr  2 05:16:23 2001
From: lovehacker <lovehacker@263.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Sat, 31 Mar 2001 07:30:09 -0000
Subject: [BUGTRAQ] CHINANSL Security Advisory(CSA-200109)

Topic:Tomcat 4.0-b1 for winnt/2000 show ".jsp" 
source Vulnerability.

vulnerable:
winnt/2000
    + Tomcat 4.0-b1

discussion:
A security vulnerability has been found in Windows 
NT/2000 systems that have Tomcat 4.0-b1 installed. 
The 
vulnerability allows remote attackers to get ".jsp" 
source.

exploits:
http://target:8080/examples/snp/snoop%2ejsp

solution:
None

Copyright 2000-2001 CHINANSL. All Rights 
Reserved. Terms of use. 
CHINANSL Security Team 
<lovehacker@chinansl.com> 
CHINANSL INFORMATION TECHNOLOGY CO.,LTD 
(http://www.chinansl.com)