[PATCH] Potential security problem with '?' in jsp file name
TC3.3B1
> Using:
> Apache 1.3.17
> TC3.3 B1
> Ajp13
> Java 1.3.1
>
> making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a
> request for the file "/?A=B.jsp". JspInterc
Using:
Apache 1.3.17
TC3.3 B1
Ajp13
Java 1.3.1
making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a
request for the file "/?A=B.jsp". JspInterceptor then happily creates a
page containing the contents of the ROOT directory. The attached patch
forbids such silliness.
JspI