tomcat-users mailing list archives

From Cheong Takhoe <Tak...@apiit.edu.my>
Subject RE: Tomcat security issue - THIS IS SERIOUS !!!
Date Wed, 18 Oct 2000 12:20:48 GMT
Okay...

I found that this situation happens when you use 

Tomcat 3.1 
On Windows NT 4.0

I've tried it on jswdk on Windows NT 4.0 and it doesn't happen there....

regards,
Cheong Takhoe


> -----Original Message-----
> From:	Lacerda, Wellington (AFIS) [SMTP:Wellington.Lacerda@fao.org]
> Sent:	Wednesday, October 18, 2000 7:27 PM
> To:	'tomcat-user@jakarta.apache.org'
> Subject:	RE: Tomcat security issue - THIS IS SERIOUS !!!
> 
> By TADA you mean There's Another Disaster Ahead, I believe :-)
> 
> Wellington Silva
> UN/FAO
> 
> 		-----Original Message-----
> 		From:	Cheong Takhoe [mailto:Takhoe@apiit.edu.my]
> 		Sent:	Wednesday, October 18, 2000 12:20 PM
> 		To:	'tomcat-user@jakarta.apache.org'
> 		Subject:	RE: Tomcat security issue - THIS IS SERIOUS !!!
> 
> 		TADA.... : )
> 
> 		> -----Original Message-----
> 		> From:	Lacerda, Wellington (AFIS) [SMTP:Wellington.Lacerda@fao.org]
> 		> Sent:	Wednesday, October 18, 2000 4:31 PM
> 		> To:	'tomcat-user@jakarta.apache.org'
> 		> Subject:	RE: Tomcat security issue - THIS IS SERIOUS !!!
> 		> Importance:	High
> 		> 
> 		> I have tomcat under NT and it exposes the source code even when you call it as standalone server through :8080 !
> 		> Is this affecting 3.2b6 also ?
> 		> 
> 		> Wellington Silva
> 		> UN/FAO
> 		> 
> 		> 		-----Original Message-----
> 		> 		From:	Richard Wooding [mailto:richard@camara.co.za]
> 		> 		Sent:	Wednesday, October 18, 2000 10:24 AM
> 		> 		To:	tomcat-user@jakarta.apache.org
> 		> 		Subject:	Re: Tomcat security issue
> 		> 
> 		> 		check your apache configuration
> 		> 
> 		> 		----- Original Message ----- 
> 		> 		From: "Cheong Takhoe" <Takhoe@apiit.edu.my>
> 		> 		To: <tomcat-user@jakarta.apache.org>
> 		> 		Sent: Wednesday, October 18, 2000 7:34 AM
> 		> 		Subject: Tomcat security issue
> 		> 
> 		> 
> 		> 		Hi,
> 		> 
> 		> 		I discovered that Tomcat has a security problem with regards to the way it works with the handlers.
> 		> 
> 		> 		if you have a file x.jsp
> 		> 		when you access it through the web browser,
> 		> http://<hostname>/x.jsp\
> 		> 		with the \ there,
> 		> 
> 		> 		it opens up the source code....
> 		> 		HMMMMMmmmm...
> 		> 
> 		> 		I don't know whether this is similar on a non-NT platform. 
> 		> 		any ideas about this? solutions?
> 		> 
> 		> 		regards,
> 		> 		Cheong Takhoe
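
A log check for the request shape reported in this thread (a `.jsp` path with a trailing `\`), as an added example that is not part of the original messages. It assumes a Common Log Format access log that records the request target unescaped; the function names are hypothetical and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<size>\S+)'
)
# A JSP name followed by one or more trailing backslashes, as in the report.
TRAILING_BACKSLASH_JSP = re.compile(r'\.jsp\\+$', re.IGNORECASE)

def suspicious_requests(lines):
    """Return (host, decoded_path, status) for requests to a .jsp path that
    ends in a backslash, after percent-decoding and dropping the query string."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request line we can parse
        path = m.group("target").split("?", 1)[0]
        decoded = unquote(path)  # %5C is treated the same as a literal backslash
        if TRAILING_BACKSLASH_JSP.search(decoded):
            hits.append((m.group("host"), decoded, int(m.group("status"))))
    return hits

def served(hits):
    """Hits answered with 200: the server returned a body for the odd path,
    so the response should be checked for raw JSP source."""
    return [h for h in hits if h[2] == 200]

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2000:12:01:07 +0000] "GET /x.jsp HTTP/1.0" 200 512',
    '192.0.2.10 - - [18/Oct/2000:12:01:09 +0000] "GET /x.jsp\\ HTTP/1.0" 200 1833',
    '198.51.100.7 - - [18/Oct/2000:12:03:41 +0000] "GET /app/login.JSP%5C?u=1 HTTP/1.0" 200 2410',
    '198.51.100.7 - - [18/Oct/2000:12:03:55 +0000] "GET /x.jsp%5c HTTP/1.0" 404 0',
    '203.0.113.5 - - [18/Oct/2000:12:04:02 +0000] "GET /docs/a%5Cb.html HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for host, path, status in suspicious_requests(SAMPLE_LOG):
        print(f"{host} {status} {path}")
```

Requests that `served()` returns are the ones to review first, since the server answered them with a body rather than an error.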
