Re: JSP source code exposure in Tomcat 4.x

From: Marcin Jackowski (masterat_private)
Date: Tue Sep 24 2002 - 12:30:17 PDT

Next message: Gossi The Dog: "[Full-Disclosure] Information Disclosure with Invision Board installation (fwd)"

Previous message: Eric Stevens: "RE: Trillian Remote DoS Attack - AIM"
In reply to: Rossen Raykov: "JSP source code exposure in Tomcat 4.x"
Next in thread: Martin Robson: "RE: JSP source code exposure in Tomcat 4.x"
Reply: Martin Robson: "RE: JSP source code exposure in Tomcat 4.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[...]
> 
> 	3.2 Workaround:
[...]

Quicker (brute) method - remove completely
$TOMCAT_HOME/server/lib/servlets-default.jar.
The server complains but applications seem to work correctly
(unless you're using it).

Stated for Tomcat version 4.0.1, 4.0.4 and 4.1.10.

Marcin Jackowski

Next message: Gossi The Dog: "[Full-Disclosure] Information Disclosure with Invision Board installation (fwd)"
Previous message: Eric Stevens: "RE: Trillian Remote DoS Attack - AIM"
In reply to: Rossen Raykov: "JSP source code exposure in Tomcat 4.x"
Next in thread: Martin Robson: "RE: JSP source code exposure in Tomcat 4.x"
Reply: Martin Robson: "RE: JSP source code exposure in Tomcat 4.x"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 13:31:58 PDT