Re: How to set restrictions on the retrieval of files from some directories

2005-11-18 Thread Tim Funk
: "Alla Winter" <[EMAIL PROTECTED]>
To:
Date: Thu, 17 Nov 2005 14:19:13 -0600
Subject: How to set restrictions on the retrieval of files from some directories

By default it is possible to retrieve files located under the 'WEB-INF' directory. For example: www.someserv

Re: How to set restrictions on the retrieval of files from some directories

2005-11-18 Thread Ben Souther
5.7 did not.
>
> -Original Message-
> From: "Alla Winter" <[EMAIL PROTECTED]>
> To:
> Date: Thu, 17 Nov 2005 14:19:13 -0600
> Subject: How to set restrictions on the retrieval of files from some
> directories
>
>
> By default it is possible to retr

Re: How to set restrictions on the retrieval of files from some directories

2005-11-18 Thread Brian Buchanan
Upgrade. In a short test on two of my servers, 5.0.28 on Windows has this WEB-INF. vulnerability, but 5.5.7 did not.

-Original Message-
From: "Alla Winter" <[EMAIL PROTECTED]>
To:
Date: Thu, 17 Nov 2005 14:19:13 -0600
Subject: How to set restrictions on the retrieval of

Re: How to set restrictions on the retrieval of files from some directories

2005-11-17 Thread erh
On Thu, Nov 17, 2005 at 02:19:13PM -0600, Alla Winter wrote:
> By default it is possible to retrieve files located under the 'WEB-INF'
> directory. For example: www.someserver.com/WEB-INF./web.xml or
> www.someserver.com/WEB-INF./classes/MySer
>

Re: How to set restrictions on the retrieval of files from some directories

2005-11-17 Thread Hassan Schroeder
Alla Winter wrote:
> By default it is possible to retrieve files located under the 'WEB-INF'
> directory.

No, it's not -- that's mandated in the servlet spec (SRV 9.5).

> For example: www.someserver.com/WEB-INF./web.xml or
> www.someserver.com/WEB-INF./classes/MySer
>

How to set restrictions on the retrieval of files from some directories

2005-11-17 Thread Alla Winter
By default it is possible to retrieve files located under the 'WEB-INF' directory. For example: www.someserver.com/WEB-INF./web.xml or www.someserver.com/WEB-INF./classes/MyServlet.class

What needs to be done to prevent it? Why s