Bug ID: 60667
           Summary: Information disclosure vulnerability leaking files
                    from WEB-INF and META-INF
           Product: Tomcat 7
           Version: 7.0.61
          Hardware: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Servlet & JSP API
  Target Milestone: ---

Request : https://<server>:<port>/META-INf./
Response : Content of

Here the tomcat URL filter for restricting access to META-INF and WEB-INF can
be evaded using a "." in the end of the directory-name and one keeping at least
one character lowercase.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to