tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Saegesser" <marc.saeges...@apropos.com>
Subject RE: Source script reveal bug
Date Fri, 08 Jun 2001 22:49:07 GMT
All known "URL Trickery" source exposure bugs have been fixed in Tomcat
3.2.2 (and 3.3 and 4.0).

> -----Original Message-----
> From: Venkat [mailto:venkat_at_work@yahoo.com]
> Sent: Friday, June 08, 2001 4:14 AM
> To: tomcat-dev@jakarta.apache.org
> Subject: Source script reveal bug
>
>
> I should do this today, please advise
>
>
> #####
>
> Hi All
>
> Since I could not get a solution from the archives, this posting is
> inevitable
>
> I'm using Tomcat 3.2.1 on my production server on Win2K with IIS 5.  I
> recently come across about a bug in this version of Tomcat which
> reveals JSP
> script source code by URL trickery.  I hope many of you guys
> there are aware
> of it and fixed it too.  I wish to know that is it a bug in
> Windows platform
> (because coldfusion on windows has similar problem add +.htr to
> your cfm url
> reveals cfm source code, and MS has a fix for NT 4.0 and win2K)
>
> If it's a bug in Tomcat, is there a fix for it and how to do it.  Please
> reply with complete details/urls
>
> Regards
>
> Venkat
>
> #######
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com


Mime
View raw message