http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13046

tomcat mixes up context contents (can maybe be exploited as a security hole!)

           Summary: tomcat mixes up context contents (can maybe be exploited as
                    a security hole!)
           Product: Tomcat 4
           Version: 4.1.12
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Unknown
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


this is a tricky one. tomcat somehow mixes context contents if the name of the 
other content appears in the path of the first content (see example). it looks 
as if virtual hosting triggers the bug.

example:
unpack the two webapps testA and testB and the server.xml from the attached zip 
file to a virgin tomcat 4.1.12.
in order to test virtual hosting you have to point two dns entries to the 
machine that runs tomcat. i did this by entering "127.0.0.1 testA" 
and "127.0.0.1 testB" to etc/hosts (can be found in system32/drivers on win xp).

to show the bug:
querying http://testB/index.jsp results in "testB" (this is ok)
querying http://testA/testB/index.jsp should result in "testA" but 
shows "testB" instead (actually this is the content from the testB 
context/virtual host!)

in my opinion this is a major bug and a security hole because you can get 
contents from other domains.

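
A regression check for the reproduction described in the report, as an added example that is not part of the original bug report or of Tomcat: it requests each path under each virtual host and flags any response whose body carries another host's marker. The marker strings, the canned response tables and the `http_fetch` address and port are assumptions constructed for illustration.

```python
"""Cross-virtual-host isolation check (added example, not Tomcat code)."""
import http.client
from typing import Callable, Dict, List, Tuple

# Each virtual host's pages contain only that host's name, as in the report.
MARKERS: Dict[str, str] = {"testA": "testA", "testB": "testB"}
# "/<other host>/index.jsp" is the path shape the report says triggers the mix-up.
PATHS: List[str] = ["/index.jsp", "/testA/index.jsp", "/testB/index.jsp"]
Fetch = Callable[[str, str], Tuple[int, str]]  # (host, path) -> (status, body)

def find_leaks(fetch: Fetch) -> List[Tuple[str, str, str]]:
    """Return (host, path, leaked_from) for every 200 response whose body
    contains the marker of a different virtual host."""
    leaks = []
    for host in MARKERS:
        for path in PATHS:
            status, body = fetch(host, path)
            if status != 200:
                continue  # an error page discloses no foreign content
            for other, marker in MARKERS.items():
                if other != host and marker in body:
                    leaks.append((host, path, other))
    return leaks

def http_fetch(host: str, path: str, addr: str = "127.0.0.1", port: int = 80):
    """Live fetcher for a local test server (addr and port are assumptions)."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host})  # pick the virtual host
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

# Constructed tables: the two requests from the report, as observed and as expected.
REPORTED = {("testB", "/index.jsp"): "testB", ("testA", "/testB/index.jsp"): "testB"}
EXPECTED = {("testB", "/index.jsp"): "testB", ("testA", "/testB/index.jsp"): "testA"}

def canned(table: Dict[Tuple[str, str], str]) -> Fetch:
    """Build an offline fetcher from a table; unknown URLs return 404."""
    def fetch(host: str, path: str) -> Tuple[int, str]:
        body = table.get((host, path))
        return (200, body) if body is not None else (404, "")
    return fetch

if __name__ == "__main__":
    print("reported:", find_leaks(canned(REPORTED)))
    print("expected:", find_leaks(canned(EXPECTED)))
```

Passing `http_fetch` to `find_leaks` runs the same check against a locally deployed server instead of the canned tables.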