[27170] in bugtraq
Re: JSP source code exposure in Tomcat 4.x
daemon@ATHENA.MIT.EDU (DominusQ)
Tue Sep 24 13:27:05 2002
Date: Tue, 24 Sep 2002 18:19:09 +0200
From: DominusQ <dominusq@unixpimp.dk>
To: Rossen Raykov <Rossen.Raykov@CognicaseUSA.com>
Message-Id: <20020924181909.202a85fc.dominusq@unixpimp.dk>
In-Reply-To: <B978FD4A99D0BB449E96C502B7E3993B64390E@MAIL>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
On Tue, 24 Sep 2002 10:12:44 -0400
Rossen Raykov <Rossen.Raykov@CognicaseUSA.com> wrote:
> Tomcat 4.x JSP source exposure security advisory
>
> 1. Summary
> Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
> vulnerable to source code exposure by using the default servlet
> org.apache.catalina.servlets.DefaultServlet.
3.2.x versions don't seem to be vulnerable to this, but indeed the
4.1.x versions are.
--
Information is bliss! give it a try!