Security vulnerability of WEB-INF contents on windows platforms
---------------------------------------------------------------
Key: GERONIMO-1433
URL: http://issues.apache.org/jira/browse/GERONIMO-1433
Project: Geronimo
Type: Bug
Environment: Jetty server
Reporter: Greg Wilkins
Assigned to: Greg Wilkins
Priority: Critical
Fix For: 1.x, 1.0.1
The 5.1.9 Jetty server used by geronimo 1.0 suffers from a security
vulnerability that allows a crafted URL to access the contents of WEB-INF when
the server is run on windows platforms. The 5.1.10 release of Jetty fixes
this vulnerability.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
