tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Howell <m...@nullcraft.org>
Subject Re: Source script reveal bug
Date Fri, 08 Jun 2001 04:33:08 GMT
I know that the release notes for tomcat 4 beta 5 state that appending the
string "%00" to the end of the JSP url will reveal the source code, but it was
referring to tc4 betas prior to beta 5.  Is this the issue you're talking
about?

-Mark Howell
mark@nullcraft.org
http://nullcraft.org

Venkat wrote:
> 
> Hi All
> 
> Since I could not get a solution from the archives, this posting is
> inevitable
> 
> I'm using Tomcat 3.2.1 on my production server on Win2K with IIS 5.  I
> recently come across about a bug in this version of Tomcat which reveals JSP
> script source code by URL trickery.  I hope many of you guys there are aware
> of it and fixed it too.  I wish to know that is it a bug in Windows platform
> (because coldfusion on windows has similar problem add +.htr to your cfm url
> reveals cfm source code, and MS has a fix for NT 4.0 and win2K)
> 
> If it's a bug in Tomcat, is there a fix for it and how to do it.  Please
> reply with complete details/urls
> 
> Regards
> 
> Venkat
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com

Mime
View raw message