Paul
John Turner wrote:
Appending "%20" to my Tomcat 4.1.1x URLs generates a 404.
John
Paul Sundling("Webdaddy") wrote:
I came across what appears to be a security hole when running tomcat. I'm not sure how widespread it is, but my linux server is safe, yet my windows XP, tomcat 4.1.24 is vulnerable.
I found that if you append %20 to a jsp page it shows the source code instead of displaying the page:
http://192.168.1.54:8080/index.jsp <shows page as expected> http://192.168.1.54:8080/index.jsp%20 <shows source code of index.jsp>
So how widespread is this?
Paul Sundling
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]