Bugtraq mailing list archives
Re: JSP source code exposure in Tomcat 4.x
From: DominusQ <dominusq () unixpimp dk>
Date: Tue, 24 Sep 2002 18:19:09 +0200
On Tue, 24 Sep 2002 10:12:44 -0400 Rossen Raykov <Rossen.Raykov () CognicaseUSA com> wrote:
Tomcat 4.x JSP source exposure security advisory 1. Summary Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet.
3.2.x versions doesn't seem to be vulnerable to this, but indeed the 4.1.x versions are. -- Information is bliss! give it a try!
Current thread:
- JSP source code exposure in Tomcat 4.x Rossen Raykov (Sep 24)
- Re: JSP source code exposure in Tomcat 4.x DominusQ (Sep 24)
- Re: JSP source code exposure in Tomcat 4.x Marcin Jackowski (Sep 24)
- RE: JSP source code exposure in Tomcat 4.x Martin Robson (Sep 25)