tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remy Maucherat" <r...@apache.org>
Subject Re: Quick suggestion before the new beta tag
Date Fri, 10 Aug 2001 05:25:18 GMT
> On Thu, 9 Aug 2001, Remy Maucherat wrote:
>
> > > Sounds *very* similar to mine (original Win98, Sun JDK 1.3.0_02
although I
> > > don't think that matters if it's not even executing the startup script
> > > correctly).
> > >
> > > I've got the usual config.sys entry to increase environment variable
> > > space:
> > >
> > >   shell=c:\command.com c:\ /e:4096 /p
> > >
> > > but Tomcat 4 is *much* less sensitive to this than 3.x was.
> > >
> > > Grumble grumble ... Win98 is also the reason for tonight's release in
the
> > > first place .. the stupid OS interprets "/....../" type paths as the
same
> > > as an equivalent number of "/../../.." entries (one level per extra
dot
> > > beyond the first two).
> >
> > Oh, ok.
> > It doesn't happen with NT/2k, right ?
> >
>
> I haven't tested it myself, but the original reporter said that he
> suspected it *would* fail on NT.
>
> You can try it for yourself on Win2K with the following URL:
>
>   http://localhost:8080/.../
>
> If you get a directory listing of the %CATALINA_HOME%\webapps directory,
> then you are subject to the same security vulnerability and should
> upgrade.  I'd like to know if it's OK under W2K, though, in order to say
> the right thing in the announcement email.

I tried that with my server running on my laptop, and I got a 404. So I
think it's ok.

Remy


Mime
View raw message