Hi There,
I am verifying the fix that you made for CVE-2015-5345 & it appears to be
not fixed. I might be doing something wrong & hence sending out this email
to you.
All i did was,
a) Downloaded & installed the latest tomcat build 7.0.68.
b) Added the following context attribute to manager webapp just for testing
-
File: $CATALINA_HOME\webapps\manager\META-INF\context.xml
<Context mapperContextRootRedirectEnabled="false"
antiResourceLocking="false" privileged="true">
c) When i access http://localhost/8080/manager/images, it still gets
redirected to /images/ there by confirming the folder location. Same thing
happens when accessing /manager/index.jsp too.
Am i missing anything here ? Please help me understand the exact fix for
this issue.
regards
Harish Krishnan
