tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BugRat Mail System <>
Subject BugRat Report #565 has been filed.
Date Mon, 11 Dec 2000 08:58:12 GMT
Bug report #565 has just been filed.

You can view the report at the following URL:


REPORT #565 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
   Release: 3.2
   JVM Release: 1.3
   Operating System: Linux
   OS Release: RH6.2
   Platform: Linux

Security prob: WEB-INF directory is viewable

The contents of "hidden" directories like WEB-INF can actually be read by simply placing a
double slash "//" before WEB-INF, like so:


There may be files inside this or other similar directories which the user does not want to
be seen.

View raw message