Bugtraq mailing list archives

Re: JSP source code exposure in Tomcat 4.x

From: DominusQ <dominusq () unixpimp dk>
Date: Tue, 24 Sep 2002 18:19:09 +0200

On Tue, 24 Sep 2002 10:12:44 -0400
Rossen Raykov <Rossen.Raykov () CognicaseUSA com> wrote:

      Tomcat 4.x JSP source exposure security advisory

1. Summary
Tomcat 4.0.4 and 4.1.10 (probably all other earlier versions also) are
vulnerable to source code exposure by using the default servlet
org.apache.catalina.servlets.DefaultServlet.


3.2.x versions doesn't seem to be vulnerable to this, but indeed the
4.1.x versions are.


-- 
Information is bliss! give it a try!

Current thread:

JSP source code exposure in Tomcat 4.x Rossen Raykov (Sep 24)
- Re: JSP source code exposure in Tomcat 4.x DominusQ (Sep 24)
- Re: JSP source code exposure in Tomcat 4.x Marcin Jackowski (Sep 24)
  - RE: JSP source code exposure in Tomcat 4.x Martin Robson (Sep 25)