> From: Christopher Schultz [mailto:[EMAIL PROTECTED] > <tents fingers>The internal IP address of the server is ... > 192.168.1.100! Nobody would have ever guessed that! > Excellent! Now I can > take over the world! Muahahaha!</tents fingers>
*Chuckle* Chris, all you need now is the white cat and the secret base in the garden shed. You might not be able to take over the world, but you might be able to take over the server more easily if you can crack something else on the same internal network. The OP's correct that it's an information disclosure vulnerability, though I'm not sure whether it's present in Tomcat's error pages. Certainly if you're going through the checklist of "generic" vuls so that you can demonstrate your installation is hardened against those attacks, it's fair to ask whether Tomcat's susceptible. - Peter --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]