This may be the problem with was talked about a while back.
Here are the contents of one of the e-mails:
From: "Asaf Barkan" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Subject: security hole on windows/ Tomcat with JRE 1.4.2 (b28)
Date: Sun, 24 Aug 2003 18:04:23 +0300
The syndrome is that when typing:
http://myurl:8080/myfile.jsp%20
http://myurl:8080/myfile.jsp%20
The JSP code is delivered to the client.
I have checked this on the followed platforms:
Win2k server (SP3)
JRE 1.4.2 (b28)
IIS 5/Tomcat HTTP 1.1 connector
It works but it is not consistent (could be some race case).
BTW I have tried this on 1.4.2 (b2) and I could not compromise
this
hole.
I have encountered a discussion on a similar issue with a
recommendation to
add the following argument to the Tomcat string:
-Dsun.io.useCanonCaches=false
I have tried this and it solved the problem.
Can some tell me whether there are other solutions and what this
parameter
means ?
Thanks a lot
--- Annie Guo <[EMAIL PROTECTED]> wrote:
> I have seen that before with JDK not in the system path.
>
> -----Original Message-----
> From: Michael Mehrle [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, June 08, 2004 2:44 PM
> To: Tomcat Users List
> Subject: Re: JSP source being shown (not being executed)
>
>
> Actually, I'm not running Apache right now. This has something
> to do with my
> servlet context (*.html) not being sent to the JSP engine -
> it's treating it
> like regular HTML right now. Strange, since my other mappings
> seem to work
> fine (*.do).
>
> Michael
>
>
> ----- Original Message -----
> From: "Schalk" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
> Sent: Tuesday, June 08, 2004 11:23 AM
> Subject: RE: JSP source being shown (not being executed)
>
>
> Just a thought but, if you are running both Apache and Tomcat,
> Apache is
> probably picking up the .html extension and tries to display
> the content of
> the file which will result in it displaying the code.
>
> Kind Regards
> Schalk Neethling
> Web Developer.Designer.Programmer.President
> Volume4.Development.Multimedia.Branding
> emotionalize.conceptualize.visualize.realize
> Tel: +27125468436
> Fax: +27125468436
> email:[EMAIL PROTECTED]
> web: www.volume4.com
>
> This message contains information that is considered to be
> sensitive or
> confidential and may not be forwarded or disclosed to any
> other party
> without the permission of the sender. If you received this
> message in error,
> please notify me immediately so that I can correct and delete
> the original
> email. Thank you.
>
> :: -----Original Message-----
> :: From: Michael Mehrle [mailto:[EMAIL PROTECTED]
> :: Sent: Tuesday, June 08, 2004 7:58 PM
> :: To: Tomcat Users List
> :: Subject: JSP source being shown (not being executed)
> ::
> :: For some reason my JSP source is being shown - it's not
> being compiled
> and
> :: executed. It might be worthwhile mentioning that I am
> mapping some
> servlet
> :: context as *.html, which redirects to this jsp - but it
> worked in another
> :: app of mine and inside my new app it doesn't work.
> ::
> :: I'm running Tomcat 5.0.26 btw.
> ::
> :: Any input would be welcome.
> ::
> :: Michael
> ::
> ::
> ::
>
---------------------------------------------------------------------
> :: To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> :: For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
=====
Norris Shelton
Software Engineer
Sun Certified Java 1.1 Programmer
Appriss, Inc.
ICQ# 26487421
AIM NorrisEShelton
YIM norrisshelton
__________________________________
Do you Yahoo!?
Friends. Fun. Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
