All known "URL Trickery" source exposure bugs have been fixed in Tomcat
3.2.2 (and 3.3 and 4.0).
> -----Original Message-----
> From: Venkat [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 08, 2001 4:14 AM
> To: [EMAIL PROTECTED]
> Subject: Source script reveal bug
>
>
> I should do this today, please advise
>
>
> #####
>
> Hi All
>
> Since I could not get a solution from the archives, this posting is
> inevitable
>
> I'm using Tomcat 3.2.1 on my production server on Win2K with IIS 5. I
> recently come across about a bug in this version of Tomcat which
> reveals JSP
> script source code by URL trickery. I hope many of you guys
> there are aware
> of it and fixed it too. I wish to know that is it a bug in
> Windows platform
> (because coldfusion on windows has similar problem add +.htr to
> your cfm url
> reveals cfm source code, and MS has a fix for NT 4.0 and win2K)
>
> If it's a bug in Tomcat, is there a fix for it and how to do it. Please
> reply with complete details/urls
>
> Regards
>
> Venkat
>
> #######
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
