Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: tomcat-dev@jakarta.apache.org
Date: 20 Sep 2001 09:21:38 -0000
Message-ID: <20010920092138.28158.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: tomcat-dev@jakarta.apache.org
Cc: 
Subject: DO NOT REPLY [Bug 3743] New:  -
    double slash bypasses BASIC authentication

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3743>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3743

double slash bypasses BASIC authentication

           Summary: double slash bypasses BASIC authentication
           Product: Tomcat 3
           Version: 3.2.1 Final
          Platform: PC
               URL: http://localhost:8080/admin//contextAdmin/contextAdmin.h
                    tml
        OS/Version: Windows NT/2K
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Other
         Component: Auth
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: analogueboy@blueyonder.co.uk


When you click on 'Context Admin' from http://localhost:8080/admin/index.html,
you are prompted with a username/password challenge. To bypass this check,
simply enter http://localhost:8080/admin//contextAdmin/contextAdmin.html