Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org Received: (qmail 35758 invoked from network); 3 Dec 2001 16:14:26 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 3 Dec 2001 16:14:26 -0000 Received: (qmail 13111 invoked by uid 97); 3 Dec 2001 16:13:36 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-user@jakarta.apache.org Received: (qmail 13060 invoked by uid 97); 3 Dec 2001 16:13:35 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 12997 invoked from network); 3 Dec 2001 16:13:34 -0000 Message-ID: <20011203161326.21761.qmail@hm36.locaweb.com.br> From: "Renato" Date: Mon Dec 3 14:13:26 2001 To: "Tomcat Users List" , tomcat-dev@jakarta.apache.org Subject: Re: Directory listing vulnerability in Tomcat 3.2 References: <20011203131634.4941.qmail@hm36.locaweb.com.br> In-Reply-To: <20011203131634.4941.qmail@hm36.locaweb.com.br> X-Mailer: LocaWeb Mail X-IPAddress: 200.192.44.60 X-Sender: webmaster@cienciapura.com.br MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I just downloaded and installed Tomcat 3.2.4 and the problem in on this version too. I think that if you a 404 error page defined, this problem doesn't happen. Anyway, I think it's a vulnerability. On Mon Dec 3 11:16:34 2001, "Renato" escreveu : > Hi all, > > Recently I saw in the vuln-dev list a directory > listing vulnerability in Tomcat 3.2.3. It's simple, > just call the URL: > > http://yousite/%3f.jsp > > Is it fixed in Tomcat 3.2.4 ? > > Thanks > > > > -- > To unsubscribe: > For additional commands: > Troubles with the list: > > > > -- To unsubscribe: For additional commands: Troubles with the list: