falva...@geocom.com.uy wrote:
...
Invoker: I know it is bad (even more than the overlord), probably don't know
how bad or the impact it has in usage, but for now it works.
I've read some about it, but never could really understand the problems it
brings.
http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q3
Basically, unless you are very very careful, it allows anyone, through a carefully crafted
request URL, to invoke this nasty class in this nasty jar, which does a "rm -r /*" or a
"cat /etc/my/secret/file" or whatever else is really nasty.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
