re: Tomcat Security Exposure

From: Adam Manock (abmanockat_private)
Date: Mon Mar 25 2002 - 04:28:54 PST


     From the Tomcat-user list, anyone know any more?
    
    >During development and deployment I discovered
    >that many types of errors while reading the web.xml
    >file would result in the app coming up (at least
    >partly), but with no security.
    >
    >This seems like a serious security exposure in
    >a production environment.
    >
    >I believe this is potentially a serious security
    >exposure and suggest that Tomcat should never
    >allow access to the app if it has any problems
    >reading the web.xml file or establishing any of
    >the security environment.
    >
    >Frank Lawlor
    >Athens Group, Inc.
    >(512) 345-0600 x151
    >Athens Group, an employee-owned consulting firm integrating technology
    >strategy and software solutions.
    
    Adam
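
The fail-closed behaviour suggested in the quoted report can also be enforced before deployment. The following is an added example, not part of the original thread and not Tomcat code: a check that refuses a web.xml that does not parse or that leaves an expected path without an auth-constraint. The function names, the sample descriptors, the `/admin/*` path and the exact-match policy on url-pattern are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace so DTD-era and schema-era descriptors both match."""
    return tag.rsplit("}", 1)[-1]
def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def check_web_xml(text, required_patterns):
    """Return a list of problems; deploy only when the list is empty (fail closed)."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"web.xml is not well-formed: {exc}"]
    if _local(root.tag) != "web-app":
        return [f"unexpected root element <{_local(root.tag)}>"]

    problems, protected = [], set()
    for sc in _children(root, "security-constraint"):
        patterns = [(p.text or "").strip()
                    for wrc in _children(sc, "web-resource-collection")
                    for p in _children(wrc, "url-pattern")]
        if not patterns or not all(patterns):
            problems.append("security-constraint without a url-pattern")
        if _children(sc, "auth-constraint"):
            protected.update(patterns)
    for pattern in required_patterns:   # assumed policy: exact pattern match
        if pattern not in protected:
            problems.append(f"{pattern} has no auth-constraint")
    if protected and not _children(root, "login-config"):
        problems.append("auth-constraint present but no login-config")
    return problems

# Constructed sample descriptors (not from the original post).
GOOD = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
TRUNCATED = GOOD[:GOOD.index("<auth-constraint>")]   # file cut off mid-edit
NO_SECURITY = "<web-app><display-name>app</display-name></web-app>"
if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("truncated", TRUNCATED), ("no-security", NO_SECURITY)]:
        print(name, check_web_xml(doc, ["/admin/*"]) or "OK")
```

A deployment script would run this against WEB-INF/web.xml and stop the rollout on any non-empty result, so a descriptor that fails to load never reaches a running container.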
    


