tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Security Problem with Tomcat
Date Thu, 01 Jan 1970 00:00:00 GMT

  I've been reading the recent security reports concerning TOMCAT and I'm a little bit confused,
so I'm hoping someone can explain them to me.

 I saw where you can walk the directory structure of your TOMCAT server.  From what I seen,
the problem was on a WIN2K box with 3.2.1 using the TOMCAT web server.  I also read you can
download your .jsp files.  Here again it seems this problem is evident with the TOMCAT web
sever.  Later messages reported this problem with 4.02Beta.  Somewhere, the thread was lost
and I can't piece all of it together. Therefor, I need to know if I have a problem with my

 My configuration consist of Solaris 2.6, Apache 1.3.9 and Tomcat 3.2.1.  Tomcat has been
intergrated within our Apache web server.  But, I do start the TOMCAT server.  Also, should
I upgrade to the latest Beta version to be more secure?  Is there anything I have to do to
my jsp scripts if I upgrade?

 Finally, could someone give me a good detail explanation of the security issues with TOMCAT?

Dave Ansalvish

View raw message