http://nagoya.apache.org/bugzilla/show_bug.cgi?id=389
*** shadow/389 Mon Mar 12 13:27:37 2001
--- shadow/389.tmp.1035 Mon Mar 12 13:27:37 2001
***************
*** 0 ****
--- 1,22 ----
+ +============================================================================+
+ | Security Issue? Important attributes exposed by ServletContext can be modi |
+ +----------------------------------------------------------------------------+
+ | Bug #: 389 Product: Tomcat 4 |
+ | Status: UNCONFIRMED Version: 4.0 Beta 1 |
+ | Resolution: Platform: All |
+ | Severity: Normal OS/Version: All |
+ | Priority: High Component: Catalina |
+ +----------------------------------------------------------------------------+
+ | Assigned To: [EMAIL PROTECTED] |
+ | Reported By: [EMAIL PROTECTED] |
+ | CC list: Cc: |
+ +----------------------------------------------------------------------------+
+ | URL: |
+ +============================================================================+
+ | DESCRIPTION |
+ Hi:
+
+ The attributes such as "org.apache.catalina.classloader",
+"org.apache.catalina.jsp_classpath" are exposed through ServletContext and can be
+easily modified. No security violation is generated and anybody with an application
+installed on the web server can modify these variables. Is n't it a security problem
+for Tomcat?
+
+ Thanks
+ -Ramesh
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
