Hi,
I use Tomcat 4.1.18 on win2k and it seems to be safe. I also tested that
with Tomcat 4.0.1 on Red Hat and it was OK too.


----- Original Message -----
From: "Paul Sundling("Webdaddy")" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 10, 2003 7:00 AM
Subject: security hole on windows tomcat?


> I came across what appears to be a security hole when running Tomcat.
> I'm not sure how widespread it is, but my Linux server is safe, yet my
> Windows XP, Tomcat 4.1.24 is vulnerable.
>
> I found that if you append %20 to a JSP page it shows the source code
> instead of displaying the page:
>
> http://192.168.1.54:8080/index.jsp  <shows page as expected>
> http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>
>
> So how widespread is this?
>
> Paul Sundling
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
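
A log check for the request pattern reported in the quoted message, added here as an example and not part of the original thread: it scans access-log lines for JSP paths that decode to a trailing space and reports which ones the server answered with 200. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration; matching a trailing dot as well goes beyond what the thread reports.

```python
import re
from urllib.parse import unquote

# Request and status portion of a Common Log Format line (assumed layout).
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A JSP extension followed only by characters Windows drops from file names.
# Trailing whitespace is the case from the thread; the dot is a generalization.
SUSPECT_RE = re.compile(r"\.jspx?[\s.]+$", re.IGNORECASE)

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2003:07:00:01 +0000] "GET /index.jsp HTTP/1.1" 200 1432',
    '192.0.2.10 - - [10/Aug/2003:07:00:05 +0000] "GET /index.jsp%20 HTTP/1.1" 200 2210',
    '192.0.2.11 - - [10/Aug/2003:07:01:12 +0000] "GET /index.jsp%20 HTTP/1.1" 404 987',
    '192.0.2.12 - - [10/Aug/2003:07:02:30 +0000] "GET /admin/login.JSP%2e?x=1 HTTP/1.1" 200 3100',
    '192.0.2.13 - - [10/Aug/2003:07:03:44 +0000] "GET /docs/my%20file.html HTTP/1.1" 200 512',
]


def suspicious_jsp_requests(lines):
    """Return (raw_path, status) for requests whose decoded path is a JSP name plus padding."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a request line in the assumed format
        # Drop the query string first, then decode percent-escapes in the path.
        raw_path = m.group("target").split("?", 1)[0]
        if SUSPECT_RE.search(unquote(raw_path)):
            hits.append((raw_path, int(m.group("status"))))
    return hits


def likely_disclosures(lines):
    """Subset answered with 200: content was returned, so the response needs review."""
    return [hit for hit in suspicious_jsp_requests(lines) if hit[1] == 200]


if __name__ == "__main__":
    for path, status in likely_disclosures(SAMPLE_LOG):
        print(f"review: {path} -> {status}")
```

A 200 on such a request does not prove source was served; it marks the response as one to inspect, and a 404 on the same path is what the unaffected setups in this thread would be expected to log.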
