The mime-mappings in web.xml look like:
mime-mapping
extensiondoc/extension
mime-typeapplication/msword/mime-type
/mime-mapping
Which works fine if your document is named foo.doc, but fails
miserably for foo.Doc, foo.DOC, etc. Is there a way to configure
Tomcat so that the
vulnerability where someone
might be able to see the source code of a jsp file by accessing it as
.Jsp or .JSP
-Original Message-
From: Joel McKee Cooper [EMAIL PROTECTED]
To: users@tomcat.apache.org
Sent: Tue, 2 Sep 2008 10:20 pm
Subject: case (in)sensitive mime-mapping
The mime