Mr. Sundling:

I'm running Tomcat 4.1.27 and that does not appear to be an issue.  I used
"http://localhost:8080/jweb/left.jsp%20" as my URL.

-----Original Message-----
From: Spam Email [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 10, 2003 4:18 PM
To: [EMAIL PROTECTED]
Subject: security hole on windows tomcat?


I came across what appears to be a security hole when running Tomcat.
I'm not sure how widespread it is, but my Linux server is safe, yet my
Windows XP, Tomcat 4.1.24 is vulnerable.

I found that if you append %20 to a JSP page it shows the source code
instead of displaying the page:

http://192.168.1.54:8080/index.jsp  <shows page as expected>
http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>

So how widespread is this?

Paul Sundling


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
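
A log check for the request pattern reported in this thread, as an added example that is not part of the original messages: it flags requests whose decoded path is a JSP file name padded with trailing spaces, and goes slightly beyond the thread by also covering trailing dots, which Windows likewise drops from file names. The access-log format, the sample lines and their status codes, the extension list and all function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request line and status code in common/combined access-log format.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Extensions whose source must never be served raw (assumption: adjust per app).
SCRIPT_EXTS = (".jsp", ".jspx")

# Constructed sample log lines; paths come from the thread, the rest is made up.
SAMPLE_LOG = [
    '192.168.1.10 - - [10/Aug/2003:16:10:01 -0400] "GET /index.jsp HTTP/1.1" 200 1532',
    '192.168.1.10 - - [10/Aug/2003:16:10:07 -0400] "GET /index.jsp%20 HTTP/1.1" 200 2871',
    '192.168.1.10 - - [10/Aug/2003:16:11:30 -0400] "GET /jweb/left.jsp%20 HTTP/1.1" 404 987',
    '192.168.1.10 - - [10/Aug/2003:16:12:02 -0400] "GET /docs/readme.txt%20 HTTP/1.1" 404 512',
    '192.168.1.10 - - [10/Aug/2003:16:12:40 -0400] "GET /index.jsp?x=%20 HTTP/1.1" 200 1532',
]

def padded_script_path(target):
    """Return the decoded path if its file name is a script name followed by
    trailing spaces or dots, otherwise None."""
    path = unquote(target.split("?", 1)[0])  # ignore the query string
    name = path.rsplit("/", 1)[-1]
    stripped = name.rstrip(" .")
    if stripped != name and stripped.lower().endswith(SCRIPT_EXTS):
        return path
    return None

def scan(lines):
    """Return (decoded_path, status) for every padded script request."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue
        path = padded_script_path(m.group("target"))
        if path is not None:
            hits.append((path, int(m.group("status"))))
    return hits

def served(hits):
    """Hits answered with 2xx: the body may have been the page source."""
    return [h for h in hits if 200 <= h[1] < 300]

if __name__ == "__main__":
    for path, status in scan(SAMPLE_LOG):
        print(f"{status} {path!r}")
```

A 2xx hit is the case to follow up by comparing the response body with the rendered page; a 404, as in the Tomcat 4.1.27 reply, indicates the server rejected the padded name.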


