After additional review, it has been discovered that the security bug fixed
in Tomcat 4.0.3 was more severe than originally though, and can be used to
remotely browse the server filesystem.
To exploit this bug, an attacker would require that some user modifiable
data (like a form POST data, or a
Heads up Tomcatters ...
Richard
Remy Maucherat wrote:
> After additional review, it has been discovered that the security bug fixed
> in Tomcat 4.0.3 was more severe than originally though, and can be used to
> remotely browse the server filesystem.
>
> To exploit this bug, an attacker would re
