Re: [PATCH] Potential security problem with '?' in jsp file name TC3.3B1

2001-08-22 Thread Bill Barker
[PATCH] Potential security problem with '?' in jsp file name TC3.3B1
> Using:
> Apache 1.3.17
> TC3.3 B1
> Ajp13
> Java 1.3.1
>
> making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a
> request for the file "/?A=B.jsp". JspInterc

[PATCH] Potential security problem with '?' in jsp file name TC3.3B1

2001-08-15 Thread William Barker
Using:
Apache 1.3.17
TC3.3 B1
Ajp13
Java 1.3.1

making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a request for the file "/?A=B.jsp". JspInterceptor then happily creates a page containing the contents of the ROOT directory. The attached patch forbids such silliness. JspI