I just saw this with 4.1.24 on win2k as well. EXTREMELY disturbing!

> -----Original Message-----
> From: Mikko Hämäläinen [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 11, 2003 8:18 AM
> To: Tomcat Users List
> Subject: Re: security hole on windows tomcat?
>
> Hi,
> I use Tomcat 4.1.18 on win2k and it seems to be safe, I also tested that
> with Tomcat 4.0.1 on Redhat and it was ok too..
>
> ----- Original Message -----
> From: "Paul Sundling("Webdaddy")" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, August 10, 2003 7:00 AM
> Subject: security hole on windows tomcat?
>
> > I came across what appears to be a security hole when running tomcat.
> > I'm not sure how widespread it is, but my linux server is safe, yet my
> > windows XP, tomcat 4.1.24 is vulnerable.
> >
> > I found that if you append %20 to a jsp page it shows the source code
> > instead of displaying the page:
> >
> > http://192.168.1.54:8080/index.jsp <shows page as expected>
> > http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>
> >
> > So how widespread is this?
> >
> > Paul Sundling
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
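A log check for the request pattern reported in this thread, added here as an example and not part of any of the original messages: it scans access-log lines for requests to a `.jsp` path followed only by encoded spaces and marks the ones that were answered with a 200 and a body. It assumes the access log is in Common Log Format; the sample lines, client addresses and the function names `trailing_space_jsp` and `scan` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (assumed access-log layout).
SAMPLE_LOG = """\
192.168.1.20 - - [10/Aug/2003:06:58:01 -0700] "GET /index.jsp HTTP/1.1" 200 1042
192.168.1.20 - - [10/Aug/2003:06:58:09 -0700] "GET /index.jsp%20 HTTP/1.1" 200 2317
192.168.1.21 - - [10/Aug/2003:07:02:44 -0700] "GET /admin/login.jsp%20%20?x=1 HTTP/1.1" 404 -
192.168.1.21 - - [10/Aug/2003:07:03:10 -0700] "GET /docs/my%20file.html HTTP/1.1" 200 512
192.168.1.22 - - [10/Aug/2003:07:05:00 -0700] "GET /index.jsp%2520 HTTP/1.1" 404 -
"""

CLF = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def trailing_space_jsp(target):
    """Return the JSP path if the request path is '<something>.jsp' plus
    one or more encoded spaces, otherwise None."""
    raw_path = target.split("?", 1)[0]   # ignore the query string
    decoded = unquote(raw_path)          # one decoding pass only
    stripped = decoded.rstrip(" ")
    if stripped != decoded and stripped.lower().endswith(".jsp"):
        return stripped
    return None

def scan(lines):
    """Return one finding per matching request; 'served' is True when the
    server answered 200 with a non-empty body (possible source disclosure)."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        path = trailing_space_jsp(m["target"])
        if path is None:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({"host": m["host"], "time": m["time"], "path": path,
                         "status": int(m["status"]),
                         "served": m["status"] == "200" and size > 0})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        flag = "SERVED" if f["served"] else "rejected"
        print(f'{f["time"]} {f["host"]} {f["path"]} -> {f["status"]} {flag}')
```

A finding with `served` set only shows that the server returned content for the padded URL; compare the response size with the normal page and the size of the JSP file on disk to confirm whether source was returned.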