DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16667>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16667 tomcat 4.1.18 + apache 1.3.26 WEB-INF web.xml visible Summary: tomcat 4.1.18 + apache 1.3.26 WEB-INF web.xml visible Product: Tomcat 4 Version: 4.1.18 Platform: All URL: I have one application running in tomcat 4.1.18 and apache. OS/Version: Linux Status: NEW Severity: Critical Priority: Other Component: Unknown AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I have several applications running in tomcat 4.1.18 and apache 1.3.26 with mod_jk 1.2.2. if i writte in the browser (explorer): http://www.domain.com/WEB-INF/web.xml the system shows me the file, the web.xml conf file. This is one great security problem. in the apache conf file i have: <Directory "WEB-INF"> Options -Indexes AllowOverride None Order deny,allow Deny from all </Directory> and is posible to load the classes (class files) thar are int the WEB- INF/classes directory the example in: http://www.tinieblas.com/WEB-INF/web.xml --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
