That is what I needed ...
Thanks all
To follow this up, why is this a security risk?
Do they want specific mapping for each servlet?
Thanks
-Original Message-
From: PELOQUIN,JEFFREY (HP-Boise,ex1) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 9:54 AM
To: 'Tomcat Users
See these messages:
http://www.mail-archive.com/announcements@jakarta.apache.org/msg00122.html
http://www.mail-archive.com/announcements@jakarta.apache.org/msg00128.html
--
Tim Moore / Blackboard Inc. / Software Engineer
1899 L Street, NW / 5th Floor / Washington, DC 20036
Phone 202-463-4860
These messages indicate that a fix is in the works: A new Tomcat 4.1.x
release incorporating the fix to the invoker servlet will be made
available shortly.
Am I reading this correctly as saying the quick fix is to disable the
invoker, but the long term fix is to change the invoker to make the
-Original Message-
From: Larry Meadors [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 12:09 PM
To: [EMAIL PROTECTED]
Subject: RE: Should not be this hard(why is this a security risk)
These messages indicate that a fix is in the works: A new
Tomcat 4.1.x release
On Thu, 19 Dec 2002, Tim Moore wrote:
Date: Thu, 19 Dec 2002 12:48:37 -0500
From: Tim Moore [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: Should not be this hard(why is this a security risk)
-Original
Just a guess...
Because someone could theoretically drop a servlet into your file system
programmed to issue commands passed in as a parameter and execute them as
root?
- Original Message -
From: Randy Paries [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: