tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BugRat Mail System <tomcat-b...@cortexity.com>
Subject BugRat Report #565 has been filed.
Date Mon, 11 Dec 2000 08:58:12 GMT
Bug report #565 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com/BugRatViewer/ShowReport/565>

REPORT #565 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment: 
   Release: 3.2
   JVM Release: 1.3
   Operating System: Linux
   OS Release: RH6.2
   Platform: Linux

Synopsis: 
Security prob: WEB-INF directory is viewable

Description:
The contents of "hidden" directories like WEB-INF can actually be read by simply placing a
double slash "//" before WEB-INF, like so:

http://localhost:8080/examples//WEB-INF

There may be files inside this or other similar directories which the user does not want to
be seen.

Mime
View raw message