WebApp Sec mailing list archives
Heavy Security Issue
From: jonathan Davis <jonasdavis () yahoo com>
Date: Wed, 3 Aug 2005 10:44:17 -0700 (PDT)
Hi Guys! My name is Jonathan, I am really pleased to let you know that I love your security site, it really help us the developers to find out many of our security doubts. One more time I am recurring for your help, the issue is the following: I have an apache server and an app. running on it, but I recently found a little problem that consist in the following: - When I make a request for the following JSP for example: http://XX.XX.XX.XX:8081/en/dynapage/scripts/page.jsp the Jsp is interpreted and the request is successful an html is displayed in the browser. - But at the time I add a forward slash ether after the "en" or "dynapage" for example request must look as the following: http://XX.XX.XX.XX:8081/en//dynapage/scripts/page.jsp http://XX.XX.XX.XX:8081//en/dynapage/scripts/page.jsp what I get is a "download file" window that lets me download the .jsp file and view the source code :( Could you please help me know if this is a missing configuration in my apache httpd or if is a bug of this same technology. Thank you in advance guys! hope to hear you soon Jonathan Orlando ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Current thread:
- Heavy Security Issue jonathan Davis (Aug 03)
- Re: Heavy Security Issue Saqib Ali (Aug 03)
- Re: Heavy Security Issue Dan Simon (Aug 04)
- Re: Heavy Security Issue Marco Caramma (Aug 04)