security hole on windows tomcat?

Paul Sundling(\"Webdaddy\") Mon, 11 Aug 2003 23:33:07 -0700

I came across what appears to be a security hole when running tomcat. I'm not sure how widespread it is, but my linux server is safe, yet my windows XP, tomcat 4.1.24 is vulnerable.

I found that if you append %20 to a jsp page it shows the source code instead of displaying the page:

http://192.168.1.54:8080/index.jsp  <shows page as expected>
http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>

So how widespread is this?

Paul Sundling


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

security hole on windows tomcat?

Reply via email to