tomcat-users mailing list archives

From "Mikko Hämäläinen" <mikk...@hotmail.com>
Subject Re: security hole on windows tomcat?
Date Mon, 11 Aug 2003 12:18:02 GMT
Hi,
I use Tomcat 4.1.18 on win2k and it seems to be safe. I also tested that
with Tomcat 4.0.1 on Redhat and it was OK too.


----- Original Message -----
From: "Paul Sundling("Webdaddy")" <tkz@tkz.net>
To: <tomcat-user@jakarta.apache.org>
Sent: Sunday, August 10, 2003 7:00 AM
Subject: security hole on windows tomcat?


> I came across what appears to be a security hole when running Tomcat.
> I'm not sure how widespread it is, but my Linux server is safe, yet my
> Windows XP, Tomcat 4.1.24 is vulnerable.
>
> I found that if you append %20 to a JSP page it shows the source code
> instead of displaying the page:
>
> http://192.168.1.54:8080/index.jsp  <shows page as expected>
> http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>
>
> So how widespread is this?
>
> Paul Sundling

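A log check for the request pattern reported in this thread, added here as an example and not part of either message: it flags access-log requests whose decoded path is a JSP name followed only by trailing spaces, and notes whether the server answered with a 2xx. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed layout: Common Log Format, i.e.
# client ident user [time] "METHOD target PROTOCOL" status bytes
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def trailing_space_jsp(target):
    """True if the decoded path is a .jsp/.jspx name followed only by spaces."""
    path = unquote(urlsplit(target).path)   # query string is ignored
    stripped = path.rstrip(" ")
    return stripped != path and stripped.lower().endswith((".jsp", ".jspx"))

def flag_requests(lines):
    """Return (client, target, status, served) for each suspicious request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if m and trailing_space_jsp(m["target"]):
            status = int(m["status"])
            # A 2xx answer means the server returned a body for the padded
            # name, the case the report describes as source disclosure.
            hits.append((m["client"], m["target"], status, 200 <= status < 300))
    return hits

# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    '192.168.1.10 - - [10/Aug/2003:07:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '192.168.1.10 - - [10/Aug/2003:07:00:05 +0000] "GET /index.jsp%20 HTTP/1.1" 200 1734',
    '192.168.1.11 - - [10/Aug/2003:07:01:12 +0000] "GET /app/login.JSP%20%20?x=1 HTTP/1.1" 404 0',
    '192.168.1.12 - - [10/Aug/2003:07:02:40 +0000] "GET /docs/my%20file.html HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for client, target, status, served in flag_requests(SAMPLE):
        print(f"{client} {target} -> {status} {'SERVED' if served else 'rejected'}")
```

A flagged request with a 2xx status is the one to follow up on: compare the response body for that URL with the JSP source on disk.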