Howdy,

I have an issue with Tomcat security, please find the spec below:

Server version: Apache Tomcat/6.0.35
Server built:   Nov 28 2011 11:20:06
Server number:  6.0.35.0
OS Name:        SunOS
OS Version:     5.10
Architecture:   x86
JVM Version:    1.6.0_33-b03
JVM Vendor:     Sun Microsystems Inc.


For the problematic server, all files on the server are exposed to all users 
through 
http://<masterservice_IP>:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../<location_of_the_file>

i.e. open Chrome, give 
http://10.45.224.55:8080/consistencycheck/servlet/TransformXML?xmlUrl=../../../../../var/adm/messages
 and press enter to see the server system log..

It happens with any browser..

I was wondering if it is a security vulnerability of Tomcat 6.0.35, or it is a 
service config issue.. Can someone please have a look?..

Please let me know if any further info is required..


Thanks & Regards,

Wen
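
The request above reaches files outside the web application through `../` segments in the `xmlUrl` parameter. The following is an added example, not part of the original message and not the TransformXML servlet's code (which is not shown here): a check that confines a request-supplied relative path to one base directory. It assumes the parameter is used as a file path; `XmlPathGuard`, `resolveInside` and the demo directory are hypothetical names, and only `java.io` calls available on the Java 6 JVM listed above are used.

```java
import java.io.File;
import java.io.IOException;

// Added example: confines a request-supplied relative path to one base directory.
// XmlPathGuard, resolveInside and the directory names are hypothetical.
public class XmlPathGuard {

    private final File baseDir;

    public XmlPathGuard(File baseDir) throws IOException {
        // Canonicalize once so symlinks and ".." in the base itself are resolved.
        this.baseDir = baseDir.getCanonicalFile();
    }

    /** Returns the canonical file under baseDir, or throws SecurityException if the request escapes it. */
    public File resolveInside(String requested) throws IOException {
        if (requested == null || requested.length() == 0 || requested.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed path");
        }
        // getCanonicalFile() collapses "." and ".." and follows symlinks before the comparison.
        File candidate = new File(baseDir, requested).getCanonicalFile();
        // Compare against "base + separator" so /data/xml-old does not pass for base /data/xml.
        String basePrefix = baseDir.getPath() + File.separator;
        if (!candidate.getPath().startsWith(basePrefix)) {
            throw new SecurityException("path escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp directory stands in for the directory holding the XML files.
        File base = new File(System.getProperty("java.io.tmpdir"), "xmlguard-demo");
        base.mkdirs();
        XmlPathGuard guard = new XmlPathGuard(base);

        // Constructed inputs; the last one is the traversal pattern from the message above.
        String[] samples = { "report.xml", "sub/../report.xml", "../../../../../var/adm/messages" };
        for (int i = 0; i < samples.length; i++) {
            try {
                System.out.println("ALLOW " + samples[i] + " -> " + guard.resolveInside(samples[i]));
            } catch (SecurityException e) {
                System.out.println("DENY  " + samples[i] + " (" + e.getMessage() + ")");
            }
        }
    }
}
```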