WebApp Sec mailing list archives

Heavy Security Issue


From: jonathan Davis <jonasdavis () yahoo com>
Date: Wed, 3 Aug 2005 10:44:17 -0700 (PDT)

Hi Guys!

My name is Jonathan. I am really pleased to let you
know that I love your security site; it really helps us,
the developers, to find out many of our security
doubts.

Once again I am turning to you for help; the issue
is the following:

I have an Apache server and an app running on it, but
I recently found a little problem that consists of the
following:

- When I make a request for the following JSP, for
example:
http://XX.XX.XX.XX:8081/en/dynapage/scripts/page.jsp
the JSP is interpreted and the request is successful:
an HTML page is displayed in the browser.

- But when I add a forward slash either after
the "en" or "dynapage", for example so that the request
looks like the following:
http://XX.XX.XX.XX:8081/en//dynapage/scripts/page.jsp
http://XX.XX.XX.XX:8081//en/dynapage/scripts/page.jsp
what I get is a "download file" window that lets me
download the .jsp file and view the source code :(

Could you please help me find out whether this is a
missing configuration in my Apache httpd or whether it
is a bug in this same technology?

Thank you in advance, guys!
Hope to hear from you soon.

Jonathan Orlando
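
A regression check for the behaviour reported above, as an added example that is not part of the original post: it doubles each path separator in a JSP URL and flags any variant whose response still contains JSP source markers. The host name, the function names and the sample responses are assumptions constructed for illustration; only the path comes from the post.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Markers that occur in unprocessed JSP source but not in rendered output.
JSP_SOURCE = re.compile(rb"<%|<jsp:\w")

def slash_variants(url):
    """Return the URL once per path separator, with that separator doubled."""
    parts = urlsplit(url)
    segs = parts.path.split("/")      # "/en/p.jsp" -> ["", "en", "p.jsp"]
    query = "?" + parts.query if parts.query else ""
    return [
        f"{parts.scheme}://{parts.netloc}"
        + "/".join(segs[:i]) + "//" + "/".join(segs[i:]) + query
        for i in range(1, len(segs))
    ]

def leaks_source(status, body):
    """True when a successful response body still contains JSP source markers."""
    return status == 200 and bool(JSP_SOURCE.search(body))

def audit(url, fetch):
    """Return the slash variants of url whose response exposes JSP source."""
    return [v for v in slash_variants(url) if leaks_source(*fetch(v))]

def http_fetch(url):
    """Live fetcher for use against a server you operate."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""

def sample_fetch(url):
    """Constructed stand-in for the server behaviour reported in the post."""
    if "//" in urlsplit(url).path:
        return 200, b'<%@ page language="java" %>\n<% String t = "x"; %>'
    return 200, b"<html><body>rendered page</body></html>"

if __name__ == "__main__":
    # Assumed host; the path is the one from the post.
    base = "http://app.example.test:8081/en/dynapage/scripts/page.jsp"
    for hit in audit(base, sample_fetch):
        print("JSP source exposed:", hit)
```

Passing `http_fetch` instead of `sample_fetch` runs the same check against a live deployment, for instance after changing the httpd configuration.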

