It is verified that Win2K is not subject to the security vulnerability.
Amy
----- Original Message -----
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 09, 2001 10:00 PM
Subject: Re: Quick suggestion before the new beta tag
>
>
> On Thu, 9 Aug 2001, Remy Maucherat wrote:
>
> > > Sounds *very* similar to mine (original Win98, Sun JDK 1.3.0_02
although I
> > > don't think that matters if it's not even executing the startup script
> > > correctly).
> > >
> > > I've got the usual config.sys entry to increase environment variable
> > > space:
> > >
> > > shell=c:\command.com c:\ /e:4096 /p
> > >
> > > but Tomcat 4 is *much* less sensitive to this than 3.x was.
> > >
> > > Grumble grumble ... Win98 is also the reason for tonight's release in
the
> > > first place .. the stupid OS interprets "/....../" type paths as the
same
> > > as an equivalent number of "/../../.." entries (one level per extra
dot
> > > beyond the first two).
> >
> > Oh, ok.
> > It doesn't happen with NT/2k, right ?
> >
>
> I haven't tested it myself, but the original reporter said that he
> suspected it *would* fail on NT.
>
> You can try it for yourself on Win2K with the following URL:
>
> http://localhost:8080/.../
>
> If you get a directory listing of the %CATALINA_HOME%\webapps directory,
> then you are subject to the same security vulnerability and should
> upgrade. I'd like to know if it's OK under W2K, though, in order to say
> the right thing in the announcement email.
>
> > Remy
> >
> >
>
> Craig
>
>
>
