tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6300] - tomcat responses 404 when trying to access it using '%2f' instead of '/'
Date Thu, 07 Feb 2002 14:41:13 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6300>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6300

tomcat responses 404 when trying to access it using '%2f' instead of '/'

Larry.Isaacs@sas.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From Larry.Isaacs@sas.com  2002-02-07 14:41 -------
This is designed behavior due to security reasons.  The problem is that
"%2f" could be used to bypass security constraints, among other things.
Tomcat 3.3, by default, regards as illegal in the request URI the following
escapes:

    %25 = '%'
    %2E = '.'
    %2F = '/'
    %5C = '\'

This behavior may be turned off by modifying server.xml to have:

    <DecodeInterceptor safe="false" />

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
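
The check described in the comment above, sketched as an added example (not Tomcat's own DecodeInterceptor code, and not part of the original message). The class, enum and method names are hypothetical and the sample paths are constructed; the point is that the test runs on the raw request path before any decoding, so that a path-based security constraint and the resource lookup never see two different paths.

```java
import java.util.List;
import java.util.Set;

public class UnsafeEscapeCheck {
    // The four escapes listed in the comment: '%', '.', '/', '\'
    private static final Set<Integer> UNSAFE = Set.of(0x25, 0x2E, 0x2F, 0x5C);

    enum Verdict { OK, UNSAFE_ESCAPE, MALFORMED_ESCAPE }

    // Accept ASCII hex digits only; Character.digit alone also accepts
    // non-ASCII digit characters.
    private static int hex(char c) {
        return c < 128 ? Character.digit(c, 16) : -1;
    }

    // Inspect the raw (still-encoded) path. Hex digits are compared by value,
    // so "%2f" and "%2F" are treated the same.
    static Verdict check(String rawPath) {
        for (int i = 0; i < rawPath.length(); i++) {
            if (rawPath.charAt(i) != '%') continue;
            if (i + 2 >= rawPath.length()) return Verdict.MALFORMED_ESCAPE;
            int hi = hex(rawPath.charAt(i + 1));
            int lo = hex(rawPath.charAt(i + 2));
            if (hi < 0 || lo < 0) return Verdict.MALFORMED_ESCAPE;
            if (UNSAFE.contains(hi * 16 + lo)) return Verdict.UNSAFE_ESCAPE;
            i += 2; // skip the two hex digits just consumed
        }
        return Verdict.OK;
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the bug report.
        List<String> samples = List.of(
            "/app/index.jsp",        // no escapes
            "/app%2findex.jsp",      // encoded '/', lower-case hex
            "/app/%2E%2E/index.jsp", // encoded '.'
            "/app/a%20b.jsp",        // encoded space, not in the list
            "/app/%252f",            // encoded '%' (double encoding)
            "/app/%5cindex.jsp",     // encoded '\'
            "/app/%zz");             // not a valid escape
        for (String p : samples) {
            System.out.printf("%-24s -> %s%n", p, check(p));
        }
    }
}
```

Rejecting `%25` is what stops a doubly encoded separator from surviving a first decoding pass and being decoded again later.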

