Re: Is Tomcat vulnerable to this exploit?

Craig R. McClanahan Fri, 05 Jul 2002 12:20:55 -0700


On Fri, 5 Jul 2002, George McKinney wrote:

> Date: Fri, 5 Jul 2002 12:26:37 -0700
> From: George McKinney <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>,
>      [EMAIL PROTECTED]
> To: 'tomcat user list' <[EMAIL PROTECTED]>
> Subject: Is Tomcat vulnerable to this exploit?
>
> On jGuru, I saw mention of this vulnerability of some webapp containers:
> http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt
>
> It doesn't mention any Tomcat versions. Can anyone tell me if Tomcat is NOT
> vulnerable to this one?
>

On Win2K, tested 4.0.4, 4.1.3, and 4.1.7.  In all cases, you get a 404
error on a URL like "http://localhost:8080/examples/WEB-INF./web.xml";.

> Thanks,
>
> George McKinney
>
>

Craig McClanahan



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Is Tomcat vulnerable to this exploit?

Reply via email to