-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alec Berryman wrote: > CVE-2006-3835: "Apache Tomcat 5 before 5.5.17 allows remote attackers to > list directories via a semicolon (;) preceding a filename with a mapped > extension, as demonstrated by URLs ending with /;index.jsp and > /;help.do."
I can't reproduce the attack with tomcat5.5.15, I'm closing the bug. If you are able to reproduce the attack, thanks to re-open the bug. Cheers, - -- .''`. : :' :rnaud `. `' `- Java Trap: http://www.gnu.org/philosophy/java-trap.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEz2s44vzFZu62tMIRAu9hAJ9nodZhEIOot3mxd9SEBP1YzkAO9QCgl01W ijocRJRisINxwQ/Ts3sIZLA= =O5L0 -----END PGP SIGNATURE----- _______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers