-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave,
Dave Girardin wrote: | Thanks so much Mark. As you suspected it was disabled so I suspect the | security scan is in error. I'll check the web page to be sure though. The scan probably just determines the version of TC running and then spits out all the known vulnerabilities of that server, rather than actually attempting to demonstrate the vulnerability. You can prove to yourself that directory indexes are turned off by visiting a directory that has no welcome-file, and verify that you get a 404 or 403 error. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhWxQ4ACgkQ9CaO5/Lv0PA9dwCgrm06k+vYKzfby5hgvk0yIIPe /PwAn0mCVl90iq7Dbkr3c5mwoBqCvO1j =FdhT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]