cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <stef...@apache.org>
Subject Re: SECURITY ALERT!!!!!
Date Wed, 12 Jul 2000 22:17:57 GMT
Berin Loritsch wrote:
> 
> When testing Cocoon 2 on my Linux box, and typed in the following URL:
> 
> http://goat.infoplanning.com//
> 
> Cocoon (being mapped to the root context) returned the root directory
> of my system:
> 
> /bin
> /etc
> /home
> /proc
> /sbin
> /usr
> ....
> 
> This is BAD.  I know I get the DirectoryGenerator when I end my URL
> with a slash, but I should never get anything outside the servlet
> context.
> 
> I tried that, because I wanted to see if I can get the listing of
> my ROOT context in Tomcat

This appears as a Tomcat bug, not Cocoon's. Isn't it so?

-- 
Stefano Mazzocchi      One must still have chaos in oneself to be
                          able to give birth to a dancing star.
<stefano@apache.org>                             Friedrich Nietzsche
--------------------------------------------------------------------
 Missed us in Orlando? Make it up with ApacheCON Europe in London!
------------------------- http://ApacheCon.Com ---------------------



Mime
View raw message