https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
muthukumar <muthukumar13402...@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #2 from muthukumar <muthukumar13402...@gmail.com> --- I used RequestDispatcher in my app and the param for RequestDispatcher is coming from url parameter . If an attacker changes this parameter value to "/WEB-INF/web.xml" he can access my secret files . Do you proper solution??? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org