tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61369] New: Tomcat 8.5.16 vulnerable to CVE-2016-0793
Date Wed, 02 Aug 2017 00:36:56 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61369

            Bug ID: 61369
           Summary: Tomcat 8.5.16 vulnerable to CVE-2016-0793
           Product: Tomcat 8
           Version: 8.5.16
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: brett@schoppert.com
  Target Milestone: ----

Tomcat deployed on Windows Server 2012r2 is vulnerable to CVE-2016-0793

Accessing URL : http://<fqdn>/WEB-INF./web.xml will return the web.xml file
whereas accessing : http://<fqdn>/WEB-INF/web.xml will not.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message