> > > Tomcat 3.2 final has the following security vulnerabilities that have
> > > subsequently been fixed in the CVS repository:
> > >
> > > * A URL like "http://localhost:8080/examples//WEB-INF/web.xml" can
> > >   expose sensitive information (note the double slash after "examples").
> > >
> > > * The "Show Source" custom tag used to display JSP source code can
> > >   be used to expose sensitive information in WEB-INF.
> > >

I was not privy to a few of the original posts regarding this. Is the vulnerability only exposed if one can access the Tomcat port directly? So if I blocked all access to, say, port 9090 (where my Tomcat port is) from any foreign machines, then it is safe? Or is the vulnerability exposed even when accessing Tomcat via Apache port 80?

--
Freddie Mendoza
[EMAIL PROTECTED]