tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51769] New: False positive: Somebody try to hack into the site!!!
Date Tue, 06 Sep 2011 08:33:56 GMT

             Bug #: 51769
           Summary: False positive: Somebody try to hack into the site!!!
           Product: Tomcat Connectors
           Version: 1.2.31
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: isapi
    Classification: Unclassified

Messages such as the following are logged:

[Mon Sep 05 11:36:35 2011]  [jk_isapi_plugin.c (843)]: HttpFilterProc
points to the web-inf or meta-inf directory.
Somebody try to hack into the site!!!

and HTTP status 403 is returned on the request. This is a false positive. The
file name is meta-inf.xml but it is not in the meta-inf directory.

A number of forum references can be found e.g.
but it does appear to have been previously raised as a bug.

Unfortunately this renders the ispai connector unusable with this Tomcat

Reproduced on isapi at 1.2.32 (not available in pulldown list!). Cannot be
reproduced in mod_jk connector.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message