Hello, Due to the increased volume of SPAM this mailbox has been closed.
Please contact us via http://www.directxtras.com/ContactUS.asp We apology for the inconvenience. Best Regards, -- The DirectXtras Team --------------------------------------------------------------------- DirectXtras - Xtra Power for Director and Authorware - http://www.directxtras.com Sites with something to say - http://www.SpeaksForItself.com --------------------------------------------------------------------- Your message reads: Received: from mail.apache.org (unverified [208.185.179.12]) by mail2.intermedia.net (Rockliffe SMTPRA 4.5.6) with SMTP id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>; Fri, 16 Apr 2004 03:09:54 -0700 Received: (qmail 87620 invoked by uid 500); 16 Apr 2004 10:09:31 -0000 Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Unsubscribe: <mailto:[EMAIL PROTECTED]> List-Subscribe: <mailto:[EMAIL PROTECTED]> List-Help: <mailto:[EMAIL PROTECTED]> List-Post: <mailto:[EMAIL PROTECTED]> List-Id: "Tomcat Developers List" <tomcat-dev.jakarta.apache.org> Reply-To: "Tomcat Developers List" <[EMAIL PROTECTED]> Delivered-To: mailing list [EMAIL PROTECTED] Received: (qmail 87603 invoked from network); 16 Apr 2004 10:09:31 -0000 Received: from unknown (HELO loninmrp0.uk.db.com) (160.83.52.97) by daedalus.apache.org with SMTP; 16 Apr 2004 10:09:31 -0000 Received: from sdbo1003.db.com by loninmrp0.uk.db.com id i3GA9hKt031914; Fri, 16 Apr 2004 11:09:44 +0100 Subject: single percent sign in a parameter causes an exception report detailing tomcat version To: "Tomcat Developers List" <[EMAIL PROTECTED]> X-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <[EMAIL PROTECTED]> From: "David Cassidy" <[EMAIL PROTECTED]> Date: Fri, 16 Apr 2004 11:09:42 +0100 X-MIMETrack: Serialize by Router on sdbo1003/DMGUK/DeuBaInt/DeuBa(5012HF499 | November 14, 2003) at 16/04/2004 11:09:47 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Guys, We've had a pen test done on one of the apps we look after and they an issue which I'd like a little guidance on ... (Accept that these guys are specifically sending iffy requests to cause the system to break or detail what versions of the code is being used to provide ways of hacking in ..) If you have a page that does request.getParameter("paramName") and you specify page.jsp?paramName=% The result is an exception report that details what version of tomcat you are running (I've tried this with 4.1.29 and it does make a wonderful exception report!) Anyone seen this before ? Anyone got a fix ? Thanks David -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]