tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Renato" <webmas...@cienciapura.com.br>
Subject Re: Directory listing vulnerability in Tomcat 3.2
Date Mon, 03 Dec 2001 14:13:26 GMT
I just downloaded and installed Tomcat 3.2.4 and the problem in on this 
version too.

I think that if you a 404 error page defined, this problem doesn't happen.

Anyway, I think it's a vulnerability.

On Mon Dec  3 11:16:34 2001, "Renato" <webmaster@cienciapura.com.br> 
escreveu :

> Hi all,
> 
> Recently I saw in the vuln-dev list a directory
> listing vulnerability in Tomcat 3.2.3. It's simple,
> just call the URL:
> 
> http://yousite/%3f.jsp
> 
> Is it fixed in Tomcat 3.2.4 ?
> 
> Thanks
> 
> 
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
> 
> 
> 
> 

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message