Frank Peters wrote: > Hi, > > I found the following security issue at security focus: > > http://www.securityfocus.com/bid/19106/info > > In my opinion, this issue is fixed with #37150 in 5.5.13 because directory > listing is disabled by default, isn't it? > > Regards > Frank
In short, yes. It is open to debate whether this is a bug or not as all the proofs provided are just Httpd and Tomcat behaving exactly as expected for the given configuration. If the configuration isn't secure then that isn't a security issue the products. That being said, turning off directory listing by default is a sensible thing to do from a security point of view. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
