On 07/03/2016 20:23, Harish Krishnan wrote:
> Hi There,
> 
>  I am verifying the fix that you made for CVE-2015-5345 & it appears to be
> not fixed. I might be doing something wrong & hence sending out this email
> to you.
> All I did was,
> a) Downloaded & installed the latest Tomcat build 7.0.68.
> b) Added the following context attribute to manager webapp just for testing
> -
>       File: $CATALINA_HOME\webapps\manager\META-INF\context.xml
>       <Context mapperContextRootRedirectEnabled="false"
> antiResourceLocking="false" privileged="true">
> c) When I access http://localhost/8080/manager/images, it still gets
> redirected to /images/ thereby confirming the folder location. Same thing
> happens when accessing /manager/index.jsp too.
> 
> Am I missing anything here?

Yes. Look at the security constraints defined for the Manager application.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
