Nope, but this mime mapping exists.
<mime-mapping>
<extension>jspf</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
> -----Original Message-----
> From: Cox, Charlie [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2003 12:15 PM
> To: 'Tomcat Users List'
> Subject: RE: security hole on windows tomcat?
>
>
> did you change any mime-mappings in conf/web.xml? could you
> have a "jsp " in
> there somewhere defining it as text?
>
> > -----Original Message-----
> > From: Angus Mezick [mailto:[EMAIL PROTECTED]
> > Sent: Monday, August 11, 2003 12:15 PM
> > To: Tomcat Users List
> > Subject: RE: security hole on windows tomcat?
> >
> >
> > Ok guys,
> > What could I have turned on that would have allowed this bug
> > to happen?
> > I can make it happen in both tomcat and tomcat through
> apache. (Most
> > recent of both) I can provide a site where it DOES happen
> so you guys
> > can see what is happening.
> >
> > > -----Original Message-----
> > > From: Cox, Charlie [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, August 11, 2003 12:07 PM
> > > To: 'Tomcat Users List'
> > > Subject: RE: security hole on windows tomcat?
> > >
> > >
> > > sorry, I don't know - I don't use Apache. This was just a
> > > thought that I
> > > had.
> > >
> > > I do not have this problem 4.1.24 on Win2k
> > >
> > > Charlie
> > >
> > > > -----Original Message-----
> > > > From: Angus Mezick [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, August 11, 2003 11:49 AM
> > > > To: Tomcat Users List
> > > > Subject: RE: security hole on windows tomcat?
> > > >
> > > >
> > > > Charlie,
> > > > How do you fix this within apache?
> > > >
> > > > > -----Original Message-----
> > > > > From: Cox, Charlie [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, August 11, 2003 10:15 AM
> > > > > To: 'Tomcat Users List'
> > > > > Subject: RE: security hole on windows tomcat?
> > > > >
> > > > >
> > > > > do you have apache on the front end and are you only mapping
> > > > > *.jsp where
> > > > > *.jsp%20 is not a match and apache would then serve the
> > > > file as text?
> > > > >
> > > > > Charlie
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: John Turner [mailto:[EMAIL PROTECTED]
> > > > > > Sent: Monday, August 11, 2003 9:22 AM
> > > > > > To: Tomcat Users List
> > > > > > Subject: Re: security hole on windows tomcat?
> > > > > >
> > > > > >
> > > > > >
> > > > > > Appending "%20" to my Tomcat 4.1.1x URLs generates a 404.
> > > > > >
> > > > > > John
> > > > > >
> > > > > > Paul Sundling("Webdaddy") wrote:
> > > > > >
> > > > > > > I came across what appears to be a security hole when
> > > > > > running tomcat.
> > > > > > > I'm not sure how widespread it is, but my linux server is
> > > > > > safe, yet my
> > > > > > > windows XP, tomcat 4.1.24 is vulnerable.
> > > > > > >
> > > > > > > I found that if you append %20 to a jsp page it shows the
> > > > > > source code
> > > > > > > instead of displaying the page:
> > > > > > >
> > > > > > > http://192.168.1.54:8080/index.jsp <shows page
> as expected>
> > > > > > > http://192.168.1.54:8080/index.jsp%20 <shows
> source code of
> > > > > > index.jsp>
> > > > > > >
> > > > > > > So how widespread is this?
> > > > > > >
> > > > > > > Paul Sundling
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > > > For additional commands, e-mail:
> > > > > [EMAIL PROTECTED]
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail:
> > > > [EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > > > > For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > > > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > >
> > >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
