Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 49336 invoked from network); 21 May 2008 16:34:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 May 2008 16:34:21 -0000 Received: (qmail 66053 invoked by uid 500); 21 May 2008 16:34:19 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 65954 invoked by uid 500); 21 May 2008 16:34:18 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 65936 invoked by uid 500); 21 May 2008 16:34:18 -0000 Delivered-To: apmail-jakarta-tomcat-dev@jakarta.apache.org Received: (qmail 65913 invoked by uid 99); 21 May 2008 16:34:18 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 May 2008 09:34:18 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 May 2008 16:33:24 +0000 Received: by brutus.apache.org (Postfix, from userid 33) id DC5F5234C11E; Wed, 21 May 2008 09:33:45 -0700 (PDT) From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Subject: DO NOT REPLY [Bug 45059] New: http://www.servername.com/WEB-INF./web.xml X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: newchanged X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Tomcat 5 X-Bugzilla-Component: Unknown X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: varadasrini@gmail.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: tomcat-dev@jakarta.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Wed, 21 May 2008 09:33:45 -0700 (PDT) X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=45059 Summary: http://www.servername.com/WEB-INF./web.xml Product: Tomcat 5 Version: Unknown Platform: PC OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Unknown AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: varadasrini@gmail.com We are working over a problem in the embedded tomcat server which leading us to security compliance. The Resources defined in the deployment descriptor are been display in the following http://www.servername.com/WEB-INF./web.xml We tried to block the this request, but we are not able to restrict the request to display the xml content of web.xml. I hope someone might have seen similar vunerability to the web server. Please advice on this issues. we are using Apache Tomcat 5.5.9 & 5.5.20 also. We have tried on the context setting and other settings of the server. Thanks in Advance, Srinivas -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org