Hi,
I've been reading the recent security reports concerning TOMCAT and I'm a little bit
confused, so I'm hoping someone can explain them to me.
I saw where you can walk the directory structure of your TOMCAT server. From what I
seen, the problem was on a WIN2K box with 3.2.1 using the TOMCAT web server. I also
read you can download your .jsp files. Here again it seems this problem is evident
with the TOMCAT web sever. Later messages reported this problem with 4.02Beta.
Somewhere, the thread was lost and I can't piece all of it together. Therefor, I need
to know if I have a problem with my configuration.
My configuration consist of Solaris 2.6, Apache 1.3.9 and Tomcat 3.2.1. Tomcat has
been intergrated within our Apache web server. But, I do start the TOMCAT server.
Also, should I upgrade to the latest Beta version to be more secure? Is there
anything I have to do to my jsp scripts if I upgrade?
Finally, could someone give me a good detail explanation of the security issues with
TOMCAT?
Dave Ansalvish
