On Sat, Jan 11, 2014 at 9:01 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> > From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
> > Subject: Re: "exception-message" header reveals path to document root in
> 404 response.
>
> > Wow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chuck,
On 1/11/14, 9:01 AM, Caldarale, Charles R wrote:
>> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
>> Subject: Re: "exception-message" header reveals path to document
>> root in 404 response.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
August,
On 1/10/14, 7:48 PM, August Kleimo wrote:
> Hi All, Thanks for all your replies. Turns out it was in fact
> Railo. I searched the Railo repo on GitHub and found a reference
> to that header. I was able to overwrite it with a blank string
> From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com]
> Subject: Re: "exception-message" header reveals path to document root in 404
> response.
> Wow, when I saw this last night, I shook my head and said to myself,
> Server: Apache-Coyote/1.1
> this may
On Fri, Jan 10, 2014 at 7:02 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
> Here's Tomcat's standard 404 response:
>
> HTTP/1.1 404 Not Found
> Server: Apache-Coyote/1.1
> Content-Type: text/html;charset=utf-8
> Content-Length: 1027
> Date: Fri, 10 Jan 2014 23:59:34 GMT
>
Wow, wh
On 11/01/2014 00:02, Caldarale, Charles R wrote:
>> From: August Kleimo [mailto:aug...@kleimo.com]
>> Subject: "exception-message" header reveals path to document root in 404
>> response.
>
>> I'm failing a PCI compliance scan because my Tomcat Version
ved or not.
Warm Regards,
Jordan Michaels
On 01/10/2014 04:02 PM, Caldarale, Charles R wrote:
From: August Kleimo [mailto:aug...@kleimo.com]
Subject: "exception-message" header reveals path to document root in 404
response.
I'm failing a PCI compliance scan because my Tomcat
0/2014 04:02 PM, Caldarale, Charles R wrote:
>
>> From: August Kleimo [mailto:aug...@kleimo.com]
>>> Subject: "exception-message" header reveals path to document root in 404
>>> response.
>>>
>>
>> I'm failing a PCI compliance scan because m
ote:
From: August Kleimo [mailto:aug...@kleimo.com]
Subject: "exception-message" header reveals path to document root in 404
response.
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document web root in an "exception-
es R wrote:
From: August Kleimo [mailto:aug...@kleimo.com]
Subject: "exception-message" header reveals path to document root in 404
response.
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document web root in an "exc
Thanks, Perhaps it's coming from Railo then. I'll investigate down that
path.
On Fri, Jan 10, 2014 at 3:56 PM, Mark Eggers wrote:
> On 1/10/2014 3:28 PM, August Kleimo wrote:
>
>> I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
>> is revealing the path to the document
> From: August Kleimo [mailto:aug...@kleimo.com]
> Subject: "exception-message" header reveals path to document root in 404
> response.
> I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
> is revealing the path to the document web root in a
On 1/10/2014 3:28 PM, August Kleimo wrote:
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document web root in an "exception-message"
header when a missing page is requested.
Does anyone know of way to get rid of this header from the respon
I'm failing a PCI compliance scan because my Tomcat Version 7.0.20 server
is revealing the path to the document web root in an "exception-message"
header when a missing page is requested.
Does anyone know of way to get rid of this header from the response?
Note: I'm running Railo 4.1.2 on top of
14 matches
Mail list logo
