DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29728>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29728 Tomcat 'admin' application allows jspf source browsing Summary: Tomcat 'admin' application allows jspf source browsing Product: Tomcat 5 Version: 5.0.25 Platform: PC URL: http://127.0.0.1:8080/admin/users/ OS/Version: Windows NT/2K Status: NEW Severity: Normal Priority: Other Component: Webapps:Administration AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Default configuration of Tomcat 'admin' application allows jspf source browsing without any authentication. One needs just to use URL http://tomcat_host:8080/admin/users/ . --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]