From: Mark Thomas
Date: Tue, 09 Sep 2008 09:28:57 +0100
To: Tomcat Users List
Subject: Re: Tomcat 6 and images
Message-ID: <48C633C9.9030102@apache.org>

Mathias P.W Nilsson wrote:
> Can this be hacked? like http://localhost/files/../../somefile

No. There have been some recent vulnerabilities with particular configurations in this area but these are fixed in the latest 5.5.x and 6.0.x releases.

Mark