Posted to users@tomcat.apache.org by Bi...@nokia.com on 2001/04/05 21:38:14 UTC

Directory traversal exploit - Any fix/workaround?

Hi all,
Is there any workaround for the recently announced exploit that exposes
directory listings using Tomcat?
Exploit: http://target:8080/%2e%2e/%2e%2e/%00.jsp
It is possible to cause the Tomcat server to list outside the document
root directory scope.
I do not use JSP, so if disabling JSP support in Tomcat is the answer, can I
do that? If so, how?

Thanks,
Bill
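
One way to check access logs for requests shaped like the URL quoted above, as an added example that is not part of the original post and is not a fix for Tomcat itself. The log lines are constructed, the common-log layout is an assumption, and the check goes slightly beyond the quoted URL by also decoding double-encoded input.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format is an assumption).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2001:21:30:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [05/Apr/2001:21:31:12 +0000] "GET /%2e%2e/%2e%2e/%00.jsp HTTP/1.0" 200 5120',
    '192.0.2.77 - - [05/Apr/2001:21:31:40 +0000] "GET /docs/%252e%252e/conf/ HTTP/1.0" 404 0',
    '192.0.2.15 - - [05/Apr/2001:21:32:05 +0000] "GET /files/report..final.txt HTTP/1.0" 200 88',
]

REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path

def traversal_reasons(raw_target):
    """Return the reasons a request target resembles the reported pattern."""
    path = decode_fully(raw_target.split("?", 1)[0])
    reasons = []
    if "\x00" in path:
        reasons.append("nul-byte")
    # Treat backslash as a separator too; match whole path segments only,
    # so a file name such as "report..final.txt" is not flagged.
    if ".." in re.split(r"[/\\]", path):
        reasons.append("dot-dot-segment")
    return reasons

def scan(lines):
    """Yield (line_number, target, reasons) for each suspicious request."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = traversal_reasons(match.group(1))
        if reasons:
            yield number, match.group(1), reasons

if __name__ == "__main__":
    for number, target, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {', '.join(reasons)}")
```

The same two conditions (a decoded ".." path segment or a NUL byte) can be used to reject requests at a front-end proxy before they reach the servlet container.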