Guys,
We've had a pen test done on one of the apps we look after and they an issue which I'd
like a little guidance on ...
(Accept that these guys are specifically sending iffy requests to cause the system to
break or detail
what versions of the code is being used to provide ways of hacking in ..)
If you have a page that does
request.getParameter("paramName")
and you specify
page.jsp?paramName=%
The result is an exception report that details what version of tomcat you are running
(I've tried this with 4.1.29 and it does make a wonderful exception report!)
Anyone seen this before ?
Anyone got a fix ?
Thanks
David
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
