tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 4227] - Invalid CGI path
Date Mon, 22 Oct 2001 16:19:12 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4227>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4227

Invalid CGI path





------- Additional Comments From craig.mcclanahan@sun.com  2001-10-22 09:19 -------
Currently, the CGI servlet refuses to run a request that has "/./" or "/../" in
the CGI command path (as yours does), in order to avoid spoofing attacks that
try to access binaries outside of the appropriate webapp directory.  In this
case, it appears that the "/../" is occurring because you are letting the
standard startup script figure out what CATALINA_HOME is.

Could you try explicitly setting the CATALINA_HOME environment variable (to
"/opt/catalina") and see if that solves the problem for you?

Mime
View raw message