On 07/03/2016 20:23, Harish Krishnan wrote:
> Hi There,
>  I am verifying the fix that you made for CVE-2015-5345 & it appears to be
> not fixed. I might be doing something wrong & hence sending out this email
> to you.
> All i did was,
> a) Downloaded & installed the latest tomcat build 7.0.68.
> b) Added the following context attribute to manager webapp just for testing
> -
>       File: $CATALINA_HOME\webapps\manager\META-INF\context.xml
>       <Context mapperContextRootRedirectEnabled="false"
> antiResourceLocking="false" privileged="true">
> c) When i access http://localhost/8080/manager/images, it still gets
> redirected to /images/ there by confirming the folder location. Same thing
> happens when accessing /manager/index.jsp too.
> Am i missing anything here ?

Yes. Look at the security constraints defined for the Manager application.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to