Bug report #682 has just been filed. You can view the report at the following URL: <http://znutar.cortexity.com/BugRatViewer/ShowReport/682>

BugRat Report # 682

Project: Catalina | Release: m5
Category: Bug Report | SubCategory: New Bug Report
Class: swbug | State: received
Priority: high | Severity: critical
Confidence: public
Submitter: Ramesh. Mandava ( [EMAIL PROTECTED] )
Date Submitted: Jan 1 2001, 10:52:11 CST
Responsible: Z_Tomcat Alias ( [EMAIL PROTECTED] )
- Synopsis: Security Issue? Important attributes exposed by ServletContext can be modified
- Environment (jvm, os, osrel, platform): ANY, ANY, ANY, ANY
- Additional Environment Description:
- Report Description:

Hi: The attributes such as "org.apache.catalina.classloader", "org.apache.catalina.jsp_classpath" are exposed through ServletContext and can be easily modified. No security violation is generated and anybody with an application installed on the web server can modify these variables. Isn't it a security problem for Tomcat? Thanks -Ramesh