On 22/11/2012 09:52, Aditi Sinha wrote:
> Hi Andre,
>
> Agree with your points.
>
> Just wanted to know more about "Directory Traversal Attack".
> Can it lead to access of directories outside Tomcat/webapps folder also

For the last time, this is in all probability a false positive due to a crappy implementation of a vulnerability scanner. Test it yourself. Are you able to access a directory or file below the level of the webapps directory, simply by using a specially crafted request? If the answer is "no", you have your answer.

p

> or can it just try to access the applications within Tomcat/webapps
> folder only?
>
>
> Thanks & Regards,
> Aditi

--
[key:62590808]