immediately so that I can correct and delete the original
email. Thank you.
:: -Original Message-
:: From: Schalk [mailto:[EMAIL PROTECTED]
:: Sent: Tuesday, June 08, 2004 9:27 PM
:: To: 'Tomcat Users List'
:: Subject: RE: JSP source being shown (not being executed)
::
:: I stand
: Tuesday, June 08, 2004 2:44 PM
To: Tomcat Users List
Subject: Re: JSP source being shown (not being executed)
Actually, I'm not running Apache right now. This has something
to do with my
servlet context (*.html) not being sent to the JSP engine -
it's treating it
like regular HTML right
Just a thought but, if you are running both Apache and Tomcat, Apache is
probably picking up the .html extension and tries to display the content of
the file which will result in it displaying the code.
Kind Regards
Schalk Neethling
Web Developer.Designer.Programmer.President
[EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 11:23 AM
Subject: RE: JSP source being shown (not being executed)
Just a thought but, if you are running both Apache and Tomcat, Apache is
probably picking up the .html extension and tries to display the content
I have seen that before with JDK not in the system path.
-Original Message-
From: Michael Mehrle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 2:44 PM
To: Tomcat Users List
Subject: Re: JSP source being shown (not being executed)
Actually, I'm not running Apache right now
: Tuesday, June 08, 2004 11:50 AM
Subject: RE: JSP source being shown (not being executed)
I have seen that before with JDK not in the system path.
-Original Message-
From: Michael Mehrle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 08, 2004 2:44 PM
To: Tomcat Users List
Subject: Re
: Re: JSP source being shown (not being executed)
::
:: Actually, I'm not running Apache right now. This has something to do with
my
:: servlet context (*.html) not being sent to the JSP engine - it's treating
it
:: like regular HTML right now. Strange, since my other mappings seem to
work
:: fine
the original
email. Thank you.
:: -Original Message-
:: From: Schalk [mailto:[EMAIL PROTECTED]
:: Sent: Tuesday, June 08, 2004 9:27 PM
:: To: 'Tomcat Users List'
:: Subject: RE: JSP source being shown (not being executed)
::
:: I stand under correction but, it may even be that this not allowed
http://jakarta.apache.org/tomcat/faq/misc.html#compile
-Tim
Joe McGranaghan wrote:
Using tomcat 4.1.18 I get the following error when trying to view my JSP
page:
An error occurred at line: -1 in the jsp file: null
Generated servlet error:
[javac] Compiling 1 source file
F:\Program
Thanks for your help Tim.
From: Tim Funk [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: JSP source compilation error
Date: Sun, 06 Jul 2003 12:02:34 -0400
http://jakarta.apache.org/tomcat/faq/misc.html#compile
-Tim
Joe
Sorry for asking some dumb question. I'm not a unix person.
What is wget and sendmail?
I cannot see those commands in UNIX.
Thanks
Deepa
-Original Message-
From: Will Hartung [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 10, 2003 1:43 AM
To: Tomcat Users List
Subject: Re: JSP source
Google is your friend:
http://www.google.com/search?q=wget
http://www.google.com/search?q=sendmail
-Original Message-
From: Deepa Raja [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 10, 2003 10:29 AM
To: Tomcat Users List
Subject: RE: JSP source
Sorry for asking some dumb
: Friday, January 10, 2003 4:29 AM
To: Tomcat Users List
Subject: RE: JSP source
Sorry for asking some dumb question. I'm not a unix person.
What is wget and sendmail?
I cannot see those commands in UNIX.
Thanks
Deepa
-Original Message-
From: Will Hartung [mailto:[EMAIL
Hi
I want to do some reporting that is to be called by a cron job.
I do not want to use a reporting tool. Can use JSP
* to talk to the database
* fetch the relevant details
* format the details as a report
* fetch the HTML source of the generated report
*
From: Turner, John [EMAIL PROTECTED]
Sent: Friday, January 10, 2003 5:08 AM
Subject: RE: JSP source
wget is a text-based client that can make HTTP and FTP requests, copying
the
results to a file.
wget is a popular program, but may not be installed on your system, so
you'll need to hunt
If you combine #3 and #4, your problem is solved. Format the details as a
report...how would you format them if not HTML? All you have to do is
stream the HTML into a buffer, then send that out as the body of a message.
You'll want to set the ContentType on your message to HTML.
You could do
very easily
Please feel free to point out if I'm wrong.
how could I get the html source? Could you please explain it for me.
Thanks
Deepa
-Original Message-
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 09, 2003 3:02 PM
To: 'Tomcat Users List'
Subject: RE: JSP
b) reads the HTML
c) mails it to the intended recipients.
3. Write a cron job to run your email component
Andy
-Original Message-
From: Deepa Raja [mailto:[EMAIL PROTECTED]]
Sent: 09 January 2003 15:43
To: Tomcat Users List
Subject: RE: JSP source
Hi John
With JSP it is like
Exactly.
Something like java.net.URLConnection.getContent(), I believe.
John
-Original Message-
From: Bodycombe, Andrew [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 09, 2003 10:48 AM
To: 'Tomcat Users List'
Subject: RE: JSP source
Fetching the HTML is straightforward
From: Bodycombe, Andrew [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: JSP source
Fetching the HTML is straightforward. Just create a URL connection and
read
the data from the stream.
Yup, great idea Andy, but too much work.
Stick this in your cron tab
#!/bin/sh
Could you send us your httpd.conf and workers.properties setup ?
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Message-
From: Brad Plies [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 7:26 PM
To: Tomcat Users List
Subject: RE: Jsp source disclosure patch for legacy type 1
architectures
Thanks for the reply Tim,
I had downloaded and installed Apache Tomcat 4.1.12
(link
Good eye!
On the other hand, the thing you posted to jguru has
the opposite
problem. You'll need to add a second servlet
mapping to the source
disclosure blocker for
/servlet/org.apache.catalina.servlets.DefaultServlet/
__
Do you Yahoo!?
3.2 Workaround:
There are at least two ways to protect from this vulnerability.
A. Tomcat in tandem with HTTP server front-end:
If you are using front-end HTTP server you can filter all
requests with the pattern */servlet/org.apache.catalina.servlets.DefaultServlet*
b. If you are using
They also changed the InvokerServlet so that it can't be used to invoke
other built-in servlets (including the DefaultServlet). So even if you
uncomment the invoker servlet, you still won't be vulnerable to this
specific exploit.
There might be other ways in which your site is vulnerable to
Thanks for the reply Tim,
I had downloaded and installed Apache Tomcat 4.1.12
(link on the news page), and tested it using the same
server webapp config, and the vulnerability still
existed. Maybe I shouldn't have recycled the server
configs, but it still got through.
Your solution looks
Veniamin Fichin wrote:
Rossen Raykov wrote:
Tomcat 4.x JSP source exposure security advisory
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.
27 matches
Mail list logo
