3.2 Workaround:
There are at least two ways to protect against this vulnerability.
A. Tomcat in tandem with HTTP server front-end:
If you are using a front-end HTTP server you can filter all
requests with the pattern */servlet/org.apache.catalina.servlets.DefaultServlet*
B. If you are using
Tomcat 4.x JSP source exposure security advisory
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.
2. Details:
Let's say you have a valid URL like
Rossen Raykov wrote:
Tomcat 4.x JSP source exposure security advisory
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.
--= [ cut ] =--
3.
Veniamin Fichin wrote:
Rossen Raykov wrote:
Tomcat 4.x JSP source exposure security advisory
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.