tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amy Roh" <amy...@apache.org>
Subject Re: Quick suggestion before the new beta tag
Date Fri, 10 Aug 2001 06:07:02 GMT
It is verified that Win2K is not subject to the security vulnerability.

Amy

----- Original Message -----
From: "Craig R. McClanahan" <craigmcc@apache.org>
To: <tomcat-dev@jakarta.apache.org>
Sent: Thursday, August 09, 2001 10:00 PM
Subject: Re: Quick suggestion before the new beta tag


>
>
> On Thu, 9 Aug 2001, Remy Maucherat wrote:
>
> > > Sounds *very* similar to mine (original Win98, Sun JDK 1.3.0_02
although I
> > > don't think that matters if it's not even executing the startup script
> > > correctly).
> > >
> > > I've got the usual config.sys entry to increase environment variable
> > > space:
> > >
> > >   shell=c:\command.com c:\ /e:4096 /p
> > >
> > > but Tomcat 4 is *much* less sensitive to this than 3.x was.
> > >
> > > Grumble grumble ... Win98 is also the reason for tonight's release in
the
> > > first place .. the stupid OS interprets "/....../" type paths as the
same
> > > as an equivalent number of "/../../.." entries (one level per extra
dot
> > > beyond the first two).
> >
> > Oh, ok.
> > It doesn't happen with NT/2k, right ?
> >
>
> I haven't tested it myself, but the original reporter said that he
> suspected it *would* fail on NT.
>
> You can try it for yourself on Win2K with the following URL:
>
>   http://localhost:8080/.../
>
> If you get a directory listing of the %CATALINA_HOME%\webapps directory,
> then you are subject to the same security vulnerability and should
> upgrade.  I'd like to know if it's OK under W2K, though, in order to say
> the right thing in the announcement email.
>
> > Remy
> >
> >
>
> Craig
>
>
>


Mime
View raw message