[ http://issues.apache.org/jira/browse/GERONIMO-1489?page=all ]

Donald Woods updated GERONIMO-1489:
-----------------------------------

    Attachment: Geronimo-1489_part1.patch
                Geronimo-1489_part2.patch
                Geronimo-1489_part3.patch

Attached patches based on the items mentioned in each issue part.

> Minor fixes/updates to jUDDI webapp and Tomcat config
> -----------------------------------------------------
>
>          Key: GERONIMO-1489
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1489
>      Project: Geronimo
>         Type: Bug
>   Components: sample apps, security
>     Versions: 1.0
>  Environment: AG 1.0 on WinXP w/ Sun JDK 1.4.2_08
>     Reporter: Donald Woods
>     Assignee: Donald Woods
>     Priority: Minor
>      Fix For: 1.0.1, 1.1
>  Attachments: Geronimo-1489_part1.patch, Geronimo-1489_part2.patch, 
> Geronimo-1489_part3.patch
>
> When a user accesses the console-displayed webapp location of jUDDI at -
>    http://localhost:8080/juddi
> Part 1 - they are presented with a directory listing with happyjuddi.jsp in 
> it instead of the JSP automatically loading.
> Part 2 - when they click on the JSP, the page loads and shows system 
> properties, which should not be displayed as any user has access to this JSP 
> and some of the information could be used to try and hack into the system 
> (like username and OS info)
> Part 3 - the uddi-tomcat configuration creates a uddi-jetty directory in the 
> config store instead of the expected uddi-tomcat
> 3 separate patches will be attached for the above using the latest 1.0 branch 
> code.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
