Re: JSP source code exposure in Tomcat 4.x

2002-09-25 Thread Carrie Salazar
3.2 Workaround: There are at least two ways to protect against this vulnerability. A. Tomcat in tandem with an HTTP server front-end: If you are using a front-end HTTP server, you can filter all requests with the pattern */servlet/org.apache.catalina.servlets.DefaultServlet* B. If you are using

JSP source code exposure in Tomcat 4.x

2002-09-24 Thread Rossen Raykov
Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. 2. Details: Let's say you have a valid URL like

JSP source code exposure in Tomcat 4.x

2002-09-24 Thread Veniamin Fichin
Rossen Raykov wrote: Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. --= [ cut ] =-- 3.

Re: JSP source code exposure in Tomcat 4.x

2002-09-24 Thread Remy Maucherat
Veniamin Fichin wrote: Rossen Raykov wrote: Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet.