DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22630>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22630 The bug featured in URL appears to affect Apache and Tomcat when used with mod_jk2 Summary: The bug featured in URL appears to affect Apache and Tomcat when used with mod_jk2 Product: Apache httpd-2.0 Version: 2.0.47 Platform: Other URL: http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt OS/Version: Windows NT/2K Status: UNCONFIRMED Severity: Normal Priority: Other Component: Other Modules AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When mod_jk2 is used as a connector between Apache 2.0.47 and Tomcat 4.1.24 that even if the /WEB-INF/ directory of a web application is explicitly set to deny from all in the Apache configuration files, that files can still be retrieved using a directory of /WEB-INF./ without any problems. Apparently this bug effects all versions of windows, however I have only tested it in a Windows 2000 environment. This allows access to class files, the web.xml, and anything else located in this directory. A workaround for this bug is to also explictly set /WEB-INF./ to deny from all in the Apache config files. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
