cocoon-dev mailing list archives

From Berin Loritsch <blorit...@infoplanning.com>
Subject SECURITY ALERT!!!!!
Date Wed, 12 Jul 2000 19:36:42 GMT
When testing Cocoon 2 on my Linux box, I typed in the following URL:

http://goat.infoplanning.com//

Cocoon (being mapped to the root context) returned the root directory
of my system:

/bin
/etc
/home
/proc
/sbin
/usr
....

This is BAD.  I know I get the DirectoryGenerator when I end my URL
with a slash, but I should never get anything outside the servlet
context.

I tried that, because I wanted to see if I can get the listing of
my ROOT context in Tomcat.
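
The invariant stated in the message above (a directory listing must never leave the servlet context) can be enforced with a containment check like the following. This is an added example, not part of the original message and not Cocoon's code; the class `ContextPathGuard` and its method are hypothetical. The message does not give the root cause, so the example assumes the listing directory is derived from the request path.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: ContextPathGuard is a hypothetical name, not a Cocoon class.
public class ContextPathGuard {
    private final Path root;

    public ContextPathGuard(Path contextRoot) throws IOException {
        // Canonicalise once so later prefix checks compare like with like.
        this.root = contextRoot.toRealPath();
    }

    /** Maps a request path to a file under the context root, or throws. */
    public Path resolve(String requestPath) throws IOException {
        // Drop every leading separator: Path.resolve() returns an absolute
        // argument unchanged, so "//" would otherwise resolve to "/".
        String relative = requestPath.replaceFirst("^[/\\\\]+", "");
        Path candidate = root.resolve(relative).normalize();
        // Follow symlinks for paths that exist, so a link inside the
        // context cannot point the listing outside it.
        if (Files.exists(candidate)) {
            candidate = candidate.toRealPath();
        }
        // Path.startsWith compares whole path elements, not string prefixes.
        if (!candidate.startsWith(root)) {
            throw new SecurityException("outside servlet context: " + requestPath);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary directory stands in for the context root.
        Path ctx = Files.createTempDirectory("ctx");
        Files.createDirectory(ctx.resolve("docs"));
        ContextPathGuard guard = new ContextPathGuard(ctx);
        for (String p : new String[] {"//", "/docs/", "/../etc/", "docs/../../etc"}) {
            try {
                System.out.println(p + " -> " + guard.resolve(p));
            } catch (SecurityException e) {
                System.out.println(p + " -> rejected");
            }
        }
    }
}
```

With this check, `//` resolves to the context root itself, while the two `..` inputs are rejected.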
