tomcat-users mailing list archives

From Kwok Peng Tuck <pengt...@makmal.net>
Subject Re: security hole on windows tomcat?
Date Tue, 12 Aug 2003 08:11:57 GMT
Can't replicate your problem, tried both Linux and win2k.
Version of Tomcat is the same as yours.

Paul Sundling ("Webdaddy") wrote:

> I came across what appears to be a security hole when running Tomcat. 
> I'm not sure how widespread it is, but my Linux server is safe, yet my 
> Windows XP, Tomcat 4.1.24 is vulnerable.
>
> I found that if you append %20 to a JSP page it shows the source code 
> instead of displaying the page:
>
> http://192.168.1.54:8080/index.jsp  <shows page as expected>
> http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>
>
> So how widespread is this?
>
> Paul Sundling
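
A log check for the request pattern reported in this thread, as an added example that is not part of either message: it scans access-log lines for .jsp requests whose decoded path ends in whitespace and marks the ones the server answered with a 2xx status. The Common Log Format layout, the sample lines and the function name are assumptions; the check covers any trailing whitespace after decoding, not only %20.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Common Log Format (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Aug/2003:08:01:11 +0000] "GET /index.jsp HTTP/1.1" 200 1843
192.0.2.10 - - [12/Aug/2003:08:01:15 +0000] "GET /index.jsp%20 HTTP/1.1" 200 2971
192.0.2.22 - - [12/Aug/2003:08:02:40 +0000] "GET /admin/login.JSP%20%20?x=1 HTTP/1.1" 404 512
192.0.2.31 - - [12/Aug/2003:08:03:02 +0000] "GET /docs/my%20file.html HTTP/1.1" 200 640
192.0.2.31 - - [12/Aug/2003:08:03:09 +0000] "GET /report.jsp%09 HTTP/1.0" 200 1200
"""

# client, request line (method, target, protocol), status, response size
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def find_padded_jsp_requests(log_text):
    """Return requests for a .jsp path that carries trailing whitespace."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        # Drop the query string, then percent-decode the path only.
        path = unquote(urlsplit(m["target"]).path)
        trimmed = path.rstrip()
        # Keep only paths that end in whitespace AND name a .jsp once trimmed.
        # An encoded space in the middle of a path ("my%20file.html") is normal.
        if trimmed == path or not trimmed.lower().endswith(".jsp"):
            continue
        status = int(m["status"])
        findings.append({
            "client": m["client"],
            "target": m["target"],            # raw form, kept as evidence
            "status": status,
            "served": 200 <= status < 300,    # a body was returned: review it
        })
    return findings


if __name__ == "__main__":
    for f in find_padded_jsp_requests(SAMPLE_LOG):
        verdict = "SERVED, check response body" if f["served"] else "rejected"
        print(f'{f["client"]} {f["target"]} -> {f["status"]} ({verdict})')
```

A hit marked as served only says the server returned a body for the padded URL; comparing that response with the one for the clean URL shows whether source was actually disclosed.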

