This is with Tomcat 5.0.27.

When using Tomcat without Apache on JSP files, referencing files with
../../ (dot dot) parent directories works.

But when using server, it does not work. But using hard-coded paths does
fix the problem.

I read about the security issues about the Apache Tomcat 3.0 Directory
Traversal Vulnerability -- allowing access to files outside of document
root.

Did the fix for this stop "dot dot" from working even if within document
root?

Is there any configuration directive to allow it to work within the
document root?

If this is a FAQ or in the documentation, please point me to it.

I also could not find any changelogs nor the patch for 3.2.2b2 to see what
changed.

(By the way, I don't know Tomcat nor JSP. I do know Apache. I am posting
this for someone else.)

 Jeremy C. Reed

                         BSD News, BSD tutorials, BSD links
                         http://www.bsdnewsletter.com/

