Re: Security issues with Tomcat 3.2.x

2001-08-23 Thread RoMaN SoFt / LLFB !!
On Wed, 22 Aug 2001 09:41:04 -0500, you wrote: >JkMount /*.jsp ajp13 Yes, this solves my problem. But I think this issue should be documented. I remember having read about this command for telling Apache to forward *all* .jsp pages to Tomcat, but I haven't seen any advice for preventing the "//

Re: Security issues with Tomcat 3.2.x

2001-08-22 Thread RoMaN SoFt / LLFB !!
On Tue, 21 Aug 2001 09:47:33 -0500, you wrote: >The problem is that Apache is serving the file and not forwarding the >request to Tomcat. Tomcat would *not* return the JSP contents for this URL, >it would return a 404 error. Yes, it could be but... >I've heard this same problem from another u

RE: Security issues with Tomcat 3.2.x

2001-08-21 Thread Marc Saegesser
p to an outside party then you have to make sure that party obeys all the same rules. Marc Saegesser > -Original Message- > From: RoMaN SoFt / LLFB !! [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, August 21, 2001 7:40 AM > To: [EMAIL PROTECTED] > Subject: Security issues

Security issues with Tomcat 3.2.x

2001-08-21 Thread RoMaN SoFt / LLFB !!
Hi. I'm using Jakarta Tomcat 3.2.2 with Apache 1.3.20 / mod_jk (Linux) and I have some security-related questions: 1) I've read 3.2.3 is the latest available version for 3.2.x branch and that it covers a security issue. What's about this security issue and where could I read more about this i