Apache Tomcat Discloses Directory Listings to Remote Users
|
|
SecurityTracker Alert ID: 1016576
|
|
SecurityTracker URL: http://securitytracker.com/id?1016576
|
|
CVE Reference: CVE-2006-3835
(Links to External Site)
|
Date: Jul 26 2006
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 5.0.28, 5.5.7, 5.5.9, and 5.5.12
|
Description: A vulnerability was reported in Apache Tomcat. A remote user can view directory listings on the target system.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted request for a file name
that is prepended with a semicolon and with a file extension that is mapped to Apache to view directory listings on target system.
The actual file name does not need to exist.
Some demonstration exploit URLs are provided:
http://[target]/;index.jsp
http://[target]/help/;help.do
ScanAlert
's Enterprise Services Team discovered this vulnerability.
|
Impact: A remote user can view directory listings of web directories on the target system.
|
Solution: The vendor has issued a fixed version (5.5.17).
|
Vendor URL: tomcat.apache.org/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Reported By: "Joseph Pierini" <joep@scanalert.com>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Fri, 21 Jul 2006 12:54:42 -0700
From: "Joseph Pierini" <joep@scanalert.com>
Subject: [Full-disclosure] Directory Listing in Apache Tomcat 5.x.x
|
This is a multi-part message in MIME format.
--===============0973369518==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_01CD_01C6ACC4.D5B51620"
This is a multi-part message in MIME format.
------=_NextPart_000_01CD_01C6ACC4.D5B51620
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_01CE_01C6ACC4.D5B51620"
------=_NextPart_001_01CE_01C6ACC4.D5B51620
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
----------------------------------------------------------------------------
-----------------------
ScanAlert Security Advisory
http://www.scanalert.com
Directory Listing in Apache Tomcat 5.x.x
Date: 07/21/2006
Vendor: Apache
Package: Tomcat
Versions: 5.x.x (5.0.28, 5.5.12, 5.5.9, and 5.5.7 - Confirmed)
Credit: ScanAlert's Enterprise Services Team.
Risk
Common Vulnerability Scoring System (CVSS) -
http://www.first.org/cvss/intro/
Related Exploit Range: Remote
Attack Complexity: Low
Level Of Authentication Needed: Not Required
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
Overview
Apache Tomcat is the servlet container that is used in the official
Reference Implementation for the Java Servlet and JavaServer Pages
technologies.
Vulnerabilities
Apache Tomcat can be forced to reveal a complete directory listing for any
directory by requesting a mapped file extension prepended with a semicolon,
a reserved character. The file does not need to exist.
Examples
http://www.sitexyz.com/;index.jsp
http://www.sitexyz.com/help/;help.do
Solution
Upgrade to the latest stable Tomcat release. Confirmed fix is available in
Apache Tomcat v5.5.17
About ScanAlert
ScanAlert's mission is to make the web safe from hackers.
We make web sites secure from hackers and certify it to their customers via
our patent pending HACKER SAFER security certification technology. Our daily
security audits and real-time certification enables consumers to know
whether the sites where they shop are taking the necessary steps to
safeguard their personal information from hackers. By alleviating consumers'
fears of identity theft and credit card fraud, online merchants who earn
HACKER SAFE certification consistently see substantial increases in online
transactions
Joseph Pierini, CISSP | Director, Enterprise Services
ScanAlert ( www.scanalert.com <http://www.scanalert.com/> )
860 Napa Valley Corporate Way
Suite R
Napa, CA 94558
Phone: 877 302-9965
Int'l: 707 224-7656
Fax: 707 252-9626
Email: joep (at) scanalert.com
<https://keyserver2.pgp.com/vkd/DownloadKey.event?keyid=0x8C199E84A4EE2234>
PGP Public Key
------=_NextPart_001_01CE_01C6ACC4.D5B51620
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PlaceType"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PlaceName"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"place"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"PostalCode"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"State"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"Street"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"address"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
name=3D"City"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>------------------------------------------------------=
---------------------------------------------<o:p></o:p></span></font></p=
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>ScanAlert Security =
Advisory<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>http://www.scanalert.com<o:p></o:p></=
span></font></b></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'><o:p> </o:p></span></font><
/b></=
p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Directory Listing in Apache Tomcat =
5.x.x<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'><o:p> </o:p></span></font><
/b></=
p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Date: 07/21/2006<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Vendor: Apache<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Package: Tomcat<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Versions: 5.x.x (5.0.28, 5.5.12, 5.5.9, and 5.5.7 =
–
Confirmed)<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Credit: ScanAlert’s Enterprise Services =
Team.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Risk<o:p></o:p></span></font></b><
/p>=
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Common Vulnerability Scoring System (CVSS) - =
http://www.first.org/cvss/intro/<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'> <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Related <st1:place w:st=3D"on"><st1:PlaceName =
w:st=3D"on">Exploit</st1:PlaceName>
<st1:PlaceType w:st=3D"on">Range</st1:PlaceType></st1:place>: =
Remote<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Attack Complexity: Low <o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Level Of Authentication Needed: Not Required =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Confidentiality Impact: Partial =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Integrity Impact: Partial =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Availability Impact: =
None<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Overview<o:p></o:p></span></font></
b>=
</p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Apache Tomcat is the servlet container that is used =
in the
official Reference Implementation for the Java Servlet and JavaServer =
Pages
technologies.<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Vulnerabilities<o:p></o:p></span></fo=
nt></b></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Apache Tomcat can be forced to reveal a complete =
directory
listing for any directory by requesting a mapped file extension =
prepended with
a semicolon, a reserved character. The file does not need to exist. =
<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Examples =
<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><a =
href=3D"http://www.sitexyz.com/;index.jsp">http://www.sitexyz.com/;index.=
jsp</a><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><a =
href=3D"http://www.sitexyz.com/help/;help.do">http://www.sitexyz.com/help=
/;help.do</a><o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>Solution<o:p></o:p></span></font></
b>=
</p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Upgrade to the latest stable Tomcat release. =
Confirmed fix
is available in Apache Tomcat v5.5.17<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>About =
ScanAlert<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'><o:p> </o:p></span></font><
/b></=
p>
<p class=3DMsoNormal><b><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial;font-weight:bold'>ScanAlert's mission is to make the =
web safe
from hackers.<o:p></o:p></span></font></b></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>We make web sites secure from hackers and certify it =
to
their customers via our patent pending HACKER SAFE® security =
certification
technology. Our daily security audits and real-time certification =
enables
consumers to know whether the sites where they shop are taking the =
necessary
steps to safeguard their personal information from hackers. By =
alleviating
consumers' fears of identity theft and credit card fraud, online =
merchants who
earn HACKER SAFE certification consistently see substantial increases in =
online
transactions</span></font><o:p></o:p></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Joseph Pierini, CISSP | Director, <st1:place =
w:st=3D"on"><st1:City
w:st=3D"on">Enterprise</st1:City></st1:place> Services<br>
ScanAlert (<a href=3D"http://www.scanalert.com/" =
title=3D"http://www.scanalert.com/"
eudora=3Dautourl> www.scanalert.com</a>)<br>
<st1:Street w:st=3D"on"><st1:address
style=3D"BACKGROUND-POSITION: left bottom; BACKGROUND-IMAGE: =
url(res://ietag.dll/#34/#1001); BACKGROUND-REPEAT: repeat-x"
tabIndex=3D"0" w:st=3D"on">860 <st1:place w:st=3D"on"><st1
:PlaceName =
w:st=3D"on">Napa</st1:PlaceName>
<st1:PlaceType w:st=3D"on">Valley</st1:PlaceType></st1:place> =
Corporate Way</st1:address></st1:Street><br>
Suite R<br>
<st1:place w:st=3D"on"><st1:City w:st=3D"on">Napa</st1:City>, <
st1:State =
w:st=3D"on">CA</st1:State>
<st1:PostalCode =
w:st=3D"on">94558</st1:PostalCode></st1:place></span></font><
o:p></o:p></=
p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Phone: 877 302-9965 </span></font><o:p></o:p></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Int'l: 707 224-7656</span></font><o:p></o:p></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Fax: 707 252-9626<o:p></o:p></span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Email: joep (at) scanalert.com<br>
</span></font><a
href=3D"https://keyserver2.pgp.com/vkd/DownloadKey.event?keyid=3D0x8C199E=
84A4EE2234"
title=3D"https://keyserver2.pgp.com/vkd/DownloadKey.event?keyid=3D0x8C199=
E84A4EE2234"><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><span
title=3D"https://keyserver2.pgp.com/vkd/DownloadKey.event?keyid=3D0x8C199=
E84A4EE2234">PGP
Public Key</span></span></font></a><o:p></o:p></p>
<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>
------=_NextPart_001_01CE_01C6ACC4.D5B51620--
------=_NextPart_000_01CD_01C6ACC4.D5B51620
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII0jCCAlow
ggHDoAMCAQICEHlMVBRqqbxLKNHThnp85fUwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkEx
JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDUyMzE5NTkxOFoXDTA3MDUyMzE5NTkx
OFowRDEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEhMB8GCSqGSIb3DQEJARYSam9l
cEBzY2FuYWxlcnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwOAOe4eOSQLTSn6O
ACCsUUbgGZGBRa+FVnpzn0GpqkIezNaxmlu8aIPjvCbcg6PVlZwSRDJB+7XOGGiJD1d9XwBKGl5L
+5WHIefAZ6xZfzGlr+r+05C2xPsTcimWofOxi03gH7nkHiiAqkBl49wG4sVqQgiIIPcWOVIqbLYm
+QIDAQABoy8wLTAdBgNVHREEFjAUgRJqb2VwQHNjYW5hbGVydC5jb20wDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQB4mmzt5HGhQjNSEZ7metOBN+r4F0dta3df4B1m88K8M3PkGZuu4C+v
yPGyeqWgCH5DvmishYfKicWLH5Ndvc0sWTS6ou4rkiBoTMUf+Kg6iS4++hh3jInCgZI88IzomFR2
1uv2UwiOcb83315zHYacjQDy4k5/EUvXoJDPY6JJ0jCCAy0wggKWoAMCAQICAQAwDQYJKoZIhvcN
AQEEBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh
cGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBD
QTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw05NjAxMDEw
MDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBD
YXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYD
VQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVy
c29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0
ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANRp19SwlGRbcelH2AxRtupykbCEXn0t
DY97Et+FJXUodDpCLGMnn5V7S+9+GYcdhuqj3bnOlmQawhRuRKx85o/oTQ9xH0A4pgCjh3j2+ZSG
Xq3qwF5269kUo11uenwMpUtVfwYZKX+emibVars4JAhqmMex2qOYkf152+VaxBy5AgMBAAGjEzAR
MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAx+ySfk749ZalZ2IqpPBNEWDQb41g
WGGsJrtSNVwIzzD7qEqWih9iQiOMFw/0umScF6xHKd+dmF7SbGBxXKKs3Hnj524ARx+1DSjoAp3k
mv0T9KbZfLH43F8jJgmRgHPQFBveQ6mDJfLmnC8Vyv6mq4oHdYsM3VGEa+T40c53ooEwggM/MIIC
qKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVy
biBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgw
JgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUg
UGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRo
YXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTEl
MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl
cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMSm
PFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJjWiyJFXCO3cnw
K4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHFKlSFD0gEf6e2
0TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNVHR8EPDA6MDig
NqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFpbENBLmNybDAL
BgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDItMTM4MA0G
CSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2H6otnzYvwPQc
UCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u
9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIC+DCCAvQCAQEwdjBiMQswCQYDVQQGEwJa
QTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3Rl
IFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECEHlMVBRqqbxLKNHThnp85fUwCQYFKw4DAhoF
AKCCAdgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDYwNzIxMTk1
NDQyWjAjBgkqhkiG9w0BCQQxFgQUKvO2+X3usH0RyiBka0tAn6saDXEwZwYJKoZIhvcNAQkPMVow
WDAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYI
KoZIhvcNAwICASgwBwYFKw4DAhowCgYIKoZIhvcNAgUwgYUGCSsGAQQBgjcQBDF4MHYwYjELMAkG
A1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT
I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhB5TFQUaqm8SyjR04Z6fOX1MIGH
BgsqhkiG9w0BCRACCzF4oHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0
aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5n
IENBAhB5TFQUaqm8SyjR04Z6fOX1MA0GCSqGSIb3DQEBAQUABIGAl1nk0MGQEWlysdA4KxOpYd2f
j9X3lHyp+/KnWYAGbF+CPnYqbHZjudzv5fTkbgKFwGvsLy+S6Zf8ar4KoVc6yraLuywfCHPUYSR3
y/IXhPNQ1eNj0pP0QutNtmezvwIms6m4R81GXgmFjifHCiLqDTz1MJ1drC5fUPTClLr1iHgAAAAA
AAA=
------=_NextPart_000_01CD_01C6ACC4.D5B51620--
--===============0973369518==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--===============0973369518==--
|
|
