Apache Tomcat Web Root Path Disclosure Vulnerability
Hello, One of our customers running Apache Tomcat version 4.1.29 ran some type of a vulnerability scanner which detected an "Apache Tomcat Web Root Path Disclosure Vulnerability". Did some research on the net and many sites mentioned that this vulnerability only affected 4.0.3. But I want to get confirmation from this forum. Thanks. Vineet BhatiaTechnical Support Engineering MailFrontier, Inc.http://www.MailFrontier.com Please leave original e-mail in place when replying.
Apache Tomcat Web Root Path Disclosure Vulnerability
is there a way to solve this problem : A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft Windows platform. Reportedly, it is possible for a remote attacker to make requests that will result in Apache Tomcat returning an error page containing information that includes the absolute path to the server's web root. For example, submitting a request for LPT9 to Tomcat will result in the following error message: java.io.FileNotFoundException: C:\Program Files\Apache Tomcat 4.0\webapps\ROOT\lpt9 (The system cannot find the file specified)
Re: Apache Tomcat Web Root Path Disclosure Vulnerability
can't we just catch this exception and return a customised error page! I have not tried this has anyone else tried this or something else? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]