esday, September 24, 2002 12:30 PM
To: [EMAIL PROTECTED]
Subject: Re: JSP source code exposure in Tomcat 4.x
[...]
>
> 3.2 Workaround:
[...]
Quicker (brute) method - remove completely
$TOMCAT_HOME/server/lib/servlets-default.jar.
The server complains but applications seem to work correctly
(unless you're using it).
Stated for Tomcat version 4.0.1, 4.0.4 and 4.1.10.
Marcin Jackowski
On Tue, 24 Sep 2002 10:12:44 -0400
Rossen Raykov <[EMAIL PROTECTED]> wrote:
> Tomcat 4.x JSP source exposure security advisory
>
> 1. Summary
> Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
> vulnerable to source code exposure by using the default servlet
> org.apac
Tomcat 4.x JSP source exposure security advisory
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.
2. Details:
Let's say you have a valid URL like htt