> 3.2 Workaround:
> There are at least two ways to protect from this vulnerability.
> A. Tomcat in tandem with HTTP server front-end:
> If you are using front-end HTTP server you can filter all
> requests with the pattern */servlet/org.apache.catalina.servlets.DefaultServlet*
> b. If you are usin
Veniamin Fichin wrote:
> Rossen Raykov wrote:
>
>> Tomcat 4.x JSP source exposure security advisory
>>
>> 1. Summary
>> Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
>> vulnerable to source code exposure by using the default servlet
>> org.apache.catalina.servlets.Def
Rossen Raykov wrote:
> Tomcat 4.x JSP source exposure security advisory
>
> 1. Summary
> Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
> vulnerable to source code exposure by using the default servlet
> org.apache.catalina.servlets.DefaultServlet.
--= [ cut ] =--
>
Tomcat 4.x JSP source exposure security advisory
1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.
2. Details:
Let say you have valid URL like htt