https://bz.apache.org/bugzilla/show_bug.cgi?id=60667
Bug ID: 60667 Summary: Information disclosure vulnerability leaking files from WEB-INF and META-INF Product: Tomcat 7 Version: 7.0.61 Hardware: All Status: NEW Severity: minor Priority: P2 Component: Servlet & JSP API Assignee: dev@tomcat.apache.org Reporter: adarshdin...@gmail.com Target Milestone: --- Request : https://<server>:<port>/META-INf./template.mf Response : Content of template.mf Here the tomcat URL filter for restricting access to META-INF and WEB-INF can be evaded using a "." in the end of the directory-name and one keeping at least one character lowercase. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org