The syndrome is that when typing:
http://myurl:8080/myfile.jsp%20
http://myurl:8080/myfile.jsp%20
The JSP code is delivered to the client.
I have checked this on the followed platforms:
Win2k server (SP3)
JRE 1.4.2 (b28)
IIS 5/Tomcat HTTP 1.1 connector
It works but it is not consistent
Hi,
I am using Tomcat 4.0.4 with IIS 5, configured with the jakarta filter dll
to pass request according to the uriworkersmap.properties file.
I have discovered that when using number of consecutive slashes with IIS
before the virtual directory name, the jakarta filter does not recognize The
Hi all,
There is a security bug reported at:
http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
Which encounter the possibility to retrieve configuration files from tomcat
WEB-INF directory,
Through web servers used to route requests to tomcat.
In the IIS the isapi_redirect.dll Protects us
Hi,
I invoked the TomCat 4.0.4 with the security manager default policy
(catalina.policy).
The thing is that I could invoke all the servlets,jsp's and html files which
are in my webapps although i specify no access permission to those webapps.
How can I disable specific classes/jsp/html from
Hi,
I configured my TomCat to enable basic authentication on one of my context.
When accessing the servlet via the TomCat webserver (port 8080) the
authentication works fine.
Then I configured an IIS server to filter the http requests with the
isapi_redirect.dll.
Now when trying to access the