Re: Tomcat security issue

J S Gaidu Tue, 17 Oct 2000 02:17:04 -0700
I am using tomcat version 3.0 on nt it doesn't happen here . I tested it
with simple jsp page.
J S GAIDU
email: [EMAIL PROTECTED]

----- Original Message -----
From: Kim <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 17, 2000 01:52 PM
Subject: Re: Tomcat security issue


> TakHoe,
>
> Really?  Gosh, this is serious.....
> That doesn't happen in TOMCAT.v 1.1.1.1 1999/10/09.
> And it's running on NT.
>
> kim.
> ----- Original Message -----
> From: "Cheong Takhoe" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, October 17, 2000 4:01 PM
> Subject: Tomcat security issue
>
>
> > Hi,
> >
> > I discovered that Tomcat has a security problem with regards to the way
it
> > works with the handlers.
> >
> > if you have a file x.jsp
> > when you access it through the web browser, http://<hostname>/x.jsp\
> > with the \ there,
> >
> > it opens up the source code....
> > HMMMMMmmmm...
> >
> > I don't know whether this is similar on a non-NT platform.
> > any ideas about this? solutions?
> >
> > regards,
> > Cheong Takhoe
> >
> >
>
===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> >  http://java.sun.com/products/jsp/faq.html
> >  http://www.esperanto.org.nz/jsp/jspfaq.html
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
>
>
===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
Re: Tomcat security issue

Reply via email to
