RE: JSP source code exposure in Tomcat 4.x

From: Martin Robson (bugtraqat_private)
Date: Tue Sep 24 2002 - 17:43:21 PDT


    No, your best bet is to comment out the following line (and no, it won't
    be all on one line) from your web.xml file, then schedule an upgrade to
    Tomcat 4.1.12 Stable or Tomcat 4.0.5.
    
    <servlet-mapping>
        <servlet-name>invoker</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>
    
    The Jakarta Team has already posted a response to this bug; it can be
    viewed here: http://jakarta.apache.org/site/news.html
    
    ------------------
    Martin Robson
    Radial Software Development Inc.
    Direct - (604) 868-1503
    Main - (604) 692-5971
    martinat_private
     
    http://www.radialsoftware.com
     
    
    
    -----Original Message-----
    From: Marcin Jackowski [mailto:masterat_private] 
    Sent: Tuesday, September 24, 2002 12:30 PM
    To: bugtraqat_private
    Subject: Re: JSP source code exposure in Tomcat 4.x
    
    
    [...]
    > 
    > 	3.2 Workaround:
    [...]
    
    Quicker (brute) method - remove completely
    $TOMCAT_HOME/server/lib/servlets-default.jar.
    The server complains but applications seem to work correctly (unless
    you're using it).
    
    Stated for Tomcat version 4.0.1, 4.0.4 and 4.1.10.
    
    Marcin Jackowski
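
A check for the web.xml workaround described in the reply above, as an added example that is not part of the original messages: it parses a web.xml and reports any servlet-mapping still bound to the invoker servlet, so a commented-out mapping counts as fixed. The sample documents, function names and script usage are constructed for illustration, and the namespace handling goes beyond the Tomcat 4.x case to cover newer web.xml files.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a web.xml fragment with the invoker mapping still active.
ACTIVE = """<web-app>
  <servlet-mapping>
    <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jsp</url-pattern>
  </servlet-mapping>
</web-app>"""

# Constructed sample: the same file with the workaround applied (mapping commented out).
COMMENTED = (ACTIVE.replace("<servlet-mapping>", "<!-- <servlet-mapping>", 1)
                   .replace("</servlet-mapping>", "</servlet-mapping> -->", 1))


def _local(tag):
    # Drop a "{namespace}" prefix; newer web.xml files declare one, 4.x files do not.
    return tag.rsplit("}", 1)[-1]


def live_mappings(web_xml, servlet_name="invoker"):
    """Return the url-patterns of servlet-mapping elements still bound to
    servlet_name. The parser discards XML comments, so a mapping that has
    been commented out is not reported."""
    root = ET.fromstring(web_xml)
    patterns = []
    for elem in root.iter():
        if _local(elem.tag) != "servlet-mapping":
            continue
        name, found = None, []
        for child in elem:
            if _local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "url-pattern":
                found.append((child.text or "").strip())
        if name == servlet_name:
            patterns.extend(found)
    return patterns


if __name__ == "__main__":
    # Assumed usage: python check_invoker.py path/to/web.xml (no argument: use the sample).
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else ACTIVE
    hits = live_mappings(data)
    for pattern in hits:
        print("invoker servlet still mapped to", pattern)
    sys.exit(1 if hits else 0)
```

The script exits non-zero when an active mapping remains, so it can run against both the global web.xml and each application's own web.xml before the upgrade is scheduled.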
    



    This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 08:46:32 PDT