DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365 JSP source disclosure vulnerability not fixed when invoking servlets by name [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|Windows NT/2K |All Platform|PC |All ------- Additional Comments From [EMAIL PROTECTED] 2002-10-07 16:41 ------- For examples, by applying the following patch, is this bug fixed ??? Index: jakarta-tomcat-4.0/catalina/src/conf/web.xml =================================================================== RCS file: /home/cvspublic/jakarta-tomcat-4.0/catalina/src/conf/web.xml,v retrieving revision 1.44 diff -u -w -r1.44 web.xml --- jakarta-tomcat-4.0/catalina/src/conf/web.xml 21 Sep 2002 16:23:28 - 0000 1.44 +++ jakarta-tomcat-4.0/catalina/src/conf/web.xml 7 Oct 2002 16:21:49 - 0000 @@ -41,7 +41,7 @@ <!-- rejected? [true] --> <servlet> - <servlet-name>default</servlet-name> + <servlet-name>org.apache.catalina.servlets.DefaultServlet</servlet- name> <servlet-class> org.apache.catalina.servlets.DefaultServlet </servlet-class> @@ -265,7 +265,7 @@ <!-- The mapping for the default servlet --> <servlet-mapping> - <servlet-name>default</servlet-name> + <servlet-name>org.apache.catalina.servlets.DefaultServlet</servlet- name> <url-pattern>/</url-pattern> </servlet-mapping> # I individually think that a fundamental means to solve this problem is # to abolish or remove Invoker itself. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
