tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nacho <na...@siapi.es>
Subject RE: Tomcat security issue - THIS IS SERIOUS !!!
Date Wed, 18 Oct 2000 11:42:31 GMT
I have W2k+Tomcat 3.2b6 standalone, I dont have this problem AFAIK and
test..

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Lacerda, Wellington (AFIS) [mailto:Wellington.Lacerda@fao.org]
> Enviado el: miƩrcoles 18 de octubre de 2000 10:31
> Para: 'tomcat-user@jakarta.apache.org'
> Asunto: RE: Tomcat security issue - THIS IS SERIOUS !!!
> Importancia: Alta
> 
> 
> I have tomcat under NT and it exposes the source code even 
> when you call it
> as standalone server through :8080 !
> Is this affecting 3.2b6 also ?
> 
> Wellington Silva
> UN/FAO
> 
> 		-----Original Message-----
> 		From:	Richard Wooding [mailto:richard@camara.co.za]
> 		Sent:	Wednesday, October 18, 2000 10:24 AM
> 		To:	tomcat-user@jakarta.apache.org
> 		Subject:	Re: Tomcat security issue
> 
> 		check your apache configuration
> 
> 		----- Original Message ----- 
> 		From: "Cheong Takhoe" <Takhoe@apiit.edu.my>
> 		To: <tomcat-user@jakarta.apache.org>
> 		Sent: Wednesday, October 18, 2000 7:34 AM
> 		Subject: Tomcat security issue
> 
> 
> 		Hi,
> 
> 		I discovered that Tomcat has a security problem 
> with regards
> to the way it
> 		works with the handlers.
> 
> 		if you have a file x.jsp
> 		when you access it through the web browser,
> http://<hostname>/x.jsp\
> 		with the \ there,
> 
> 		it opens up the source code....
> 		HMMMMMmmmm...
> 
> 		I don't know whether this is similar on a 
> non-NT platform. 
> 		any ideas about this? solutions?
> 
> 		regards,
> 		Cheong Takhoe
> 

Mime
View raw message