Re: Tomcat security issue

Kim Tue, 17 Oct 2000 02:10:57 -0700
1999/10/09.

----- Original Message -----
From: "Cheong Takhoe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 17, 2000 4:45 PM
Subject: Re: Tomcat security issue


> When did you get your build?
>
>
> > -----Original Message-----
> > From: Kim [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, October 17, 2000 4:23 PM
> > To:   [EMAIL PROTECTED]
> > Subject:      Re: Tomcat security issue
> >
> > TakHoe,
> >
> > Really?  Gosh, this is serious.....
> > That doesn't happen in TOMCAT.v 1.1.1.1 1999/10/09.
> > And it's running on NT.
> >
> > kim.
> > ----- Original Message -----
> > From: "Cheong Takhoe" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, October 17, 2000 4:01 PM
> > Subject: Tomcat security issue
> >
> >
> > > Hi,
> > >
> > > I discovered that Tomcat has a security problem with regards to the
way
> > it
> > > works with the handlers.
> > >
> > > if you have a file x.jsp
> > > when you access it through the web browser, http://<hostname>/x.jsp\
> > > with the \ there,
> > >
> > > it opens up the source code....
> > > HMMMMMmmmm...
> > >
> > > I don't know whether this is similar on a non-NT platform.
> > > any ideas about this? solutions?
> > >
> > > regards,
> > > Cheong Takhoe
> > >
> > >
> >
==========================================================================
> > =
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > > Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > >  http://java.sun.com/products/jsp/faq.html
> > >  http://www.esperanto.org.nz/jsp/jspfaq.html
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > >
> >
> >
==========================================================================
> > =
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> > JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> >  http://java.sun.com/products/jsp/faq.html
> >  http://www.esperanto.org.nz/jsp/jspfaq.html
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
>
===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
Re: Tomcat security issue

Reply via email to
