tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alla Winter" <>
Subject How to set restrictions on the retreival of files from some directories
Date Thu, 17 Nov 2005 20:19:13 GMT
BY default it is possible to retrieve files located under the 'WEB-INF'
directory. For example: or
<>  vlet.class

What needs to be done to prevent it ?   Why such restrictions are not set by
default?  This vulnerability prevents us to pass the security certification

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message