tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 7364] New: - compiler creates empty .java files for invalid URLs
Date Fri, 22 Mar 2002 15:00:55 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7364>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7364

compiler creates empty .java files for invalid URLs

           Summary: compiler creates empty .java files for invalid URLs
           Product: Tomcat 4
           Version: 4.0.2 Final
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Minor
          Priority: Other
         Component: Jasper
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: fred@stsci.edu


If you enter an invalid URL that ends with .jsp, Tomcat creates zero-length
files in the work directory that never get cleaned up.  We see these a lot in
development, but not too many with operational systems.  Someone could use this
to be malicious and get the server into a state where you could not create
new work files for valid URLs, so it should probably be fixed as a potential
denial of service.  I.e., if the URL is invalid and the JSP file does not exist,
don't create the .java file in the work directory.  Currently I have 11 of
those zero-length files due to typos on my part when entering the URL in
the browser.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
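
One way to audit a Tomcat work directory for the zero-length .java files this report describes, as an added example that is not part of the original message or of Tomcat. The function names and the alert threshold are assumptions made here, and the work directory path is supplied by the caller.

```shell
#!/bin/sh
# Added example (not Tomcat code): find, count, alert on and remove
# zero-length *.java files left in a Jasper work directory.
# All function names below are hypothetical helpers for this example.

# list_empty_java DIR: print every zero-length *.java file under DIR.
list_empty_java() {
    find "$1" -type f -name '*.java' -size 0 -print
}

# count_empty_java DIR: print how many such files exist.
count_empty_java() {
    list_empty_java "$1" | wc -l | tr -d ' '
}

# check_empty_java DIR THRESHOLD: return 1 and write an alert to stderr
# when the count exceeds THRESHOLD, so a scheduled job can flag a build-up
# before the work directory can no longer take new files.
check_empty_java() {
    n=$(count_empty_java "$1")
    if [ "$n" -gt "$2" ]; then
        echo "ALERT: $n zero-length .java files under $1 (threshold $2)" >&2
        return 1
    fi
    return 0
}

# purge_empty_java DIR: delete the zero-length *.java files and print how
# many were counted beforehand. Non-empty sources and .class files are kept.
# A file that is empty only because a compile is in progress at that moment
# would also match, so run this during a quiet period.
purge_empty_java() {
    n=$(count_empty_java "$1")
    find "$1" -type f -name '*.java' -size 0 -exec rm -f {} +
    echo "$n"
}
```

Source the file and call `check_empty_java <work-dir> 0` from a scheduled job to alert on any leftover file, or `purge_empty_java <work-dir>` to clean up.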

