cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berin Loritsch <blorit...@infoplanning.com>
Subject Re: SECURITY ALERT!!!!!
Date Thu, 13 Jul 2000 11:58:19 GMT
Stefano Mazzocchi wrote:
> 
> Berin Loritsch wrote:
> >
> > When testing Cocoon 2 on my Linux box, and typed in the following URL:
> >
> > http://goat.infoplanning.com//
> >
> > Cocoon (being mapped to the root context) returned the root directory
> > of my system:
> >
> > /bin
> > /etc
> > /home
> > /proc
> > /sbin
> > /usr
> > ....
> >
> > This is BAD.  I know I get the DirectoryGenerator when I end my URL
> > with a slash, but I should never get anything outside the servlet
> > context.
> >
> > I tried that, because I wanted to see if I can get the listing of
> > my ROOT context in Tomcat
> 
> This appears as a Tomcat bug, not Cocoon's. Isn't it so?

Nope.  It also happens with LWS-2.2.1 (by Gefion Software: www.gefionsoftware.com)

There is another unrelated bug with Cocoon2 that I will take care of
shortly.  It has to do with how we get the path URL that makes Cocoon
dependant on Tomcat.... But that's another issue.

Mime
View raw message