Hi team,

Any help on this?

Further, this exe (*abc.exe*) downloads when I hit the URL
*http://server_name/abc.exe/*, and this is
happening only in *Tomcat*, not with *IIS*.


Tomcat :
*http://<server_name:Port>/abc.exe*      -- exe is not getting downloaded
*http://<server_name:Port>/abc.exe/*    -- exe is getting downloaded on
the browser where we hit


IIS:

*http://<server_name:Port>/abc.exe/*   - No issue
*http://<server_name:Port>/abc.exe*    - No issue


My intention is not to download abc.exe ... I have a CGI
application (abc.exe) that opens up my application.


Below is my web.xml configuration:

<servlet-mapping>
    <servlet-name>abc</servlet-name>
    <url-pattern>/abc.exe</url-pattern>
</servlet-mapping>



Can you please help with how to stop the CGI application
(*http://<server_name:Port>/abc.exe/*) from being downloaded? (I am trying
to fix the CGI vulnerability.)

Thanks,
Bharath

On Mon, Jun 20, 2022 at 4:42 PM Thomas Hoffmann (Speed4Trade GmbH)
<thomas.hoffm...@speed4trade.com.invalid> wrote:

> Hello,
>
> maybe this stackoverflow page helps already:
>
> https://stackoverflow.com/questions/9862746/restrict-allow-file-access-in-tomcat-based-on-file-extension-via-whitelist
>
> Your snippet of the web.xml is just a configuration of an unknown servlet.
> If the corresponding servlet is custom, you need to get in touch with the
> developer.
>
> Greetings,
> Thomas
>
> > -----Original Message-----
> > From: bharath Kumar <bharathkris...@gmail.com>
> > Sent: Monday, 20 June 2022 12:43
> > To: Tomcat Users List <users@tomcat.apache.org>
> > Subject: Re: Apache Tomcat 8 - Require Tomcat configuration to restrict
> > exe's from downloading
> >
> > Sure Olaf, will update it
> >
> > On Mon, Jun 20, 2022 at 3:33 PM Olaf Kock <tom...@olafkock.de> wrote:
> >
> > >
> > > On 20.06.22 11:51, bharath Kumar wrote:
> > > > Hi Team,
> > > >
> > > > I am using apache Tomcat 8 version,
> > > >
> > > > *Problem statement:*
> > > >
> > > > My application's accessible URL format is
> > > > *http://<server_name>/abc/xyz.exe*
> > >
> > > A good way to get the question answered would be to answer the
> > > comments on your identical Stackoverflow post
> > >
> > > https://stackoverflow.com/q/72658556/13447
> > >
> > > If someone is asking for clarification, that's typically because they
> > > need more information and it typically doesn't help asking elsewhere
> > > without providing that additional information. And abandoning the
> > > original place isn't too helpful as well.
> > >
> > > Also: Please don't crosspost without referencing all places where you
> > > posted - otherwise you're just generating duplicate work as nobody
> > > knows what has already been discussed elsewhere.
> > >
> > > Thank you,
> > >
> > > Olaf
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
>
