You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Renato <we...@cienciapura.com.br> on 2001/12/03 12:16:34 UTC
Directory listing vulnerability in Tomcat 3.2
Hi all,
Recently I saw in the vuln-dev list a directory
listing vulnerability in Tomcat 3.2.3. It's simple,
just call the URL:
http://yousite/%3f.jsp
Is it fixed in Tomcat 3.2.4 ?
Thanks
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: Directory listing vulnerability in Tomcat 3.2
Posted by Renato <we...@cienciapura.com.br>.
I just downloaded and installed Tomcat 3.2.4 and the problem in on this
version too.
I think that if you a 404 error page defined, this problem doesn't happen.
Anyway, I think it's a vulnerability.
On Mon Dec 3 11:16:34 2001, "Renato" <we...@cienciapura.com.br>
escreveu :
> Hi all,
>
> Recently I saw in the vuln-dev list a directory
> listing vulnerability in Tomcat 3.2.3. It's simple,
> just call the URL:
>
> http://yousite/%3f.jsp
>
> Is it fixed in Tomcat 3.2.4 ?
>
> Thanks
>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
>
>
>
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>
Re: Directory listing vulnerability in Tomcat 3.2
Posted by Renato <we...@cienciapura.com.br>.
I just downloaded and installed Tomcat 3.2.4 and the problem in on this
version too.
I think that if you a 404 error page defined, this problem doesn't happen.
Anyway, I think it's a vulnerability.
On Mon Dec 3 11:16:34 2001, "Renato" <we...@cienciapura.com.br>
escreveu :
> Hi all,
>
> Recently I saw in the vuln-dev list a directory
> listing vulnerability in Tomcat 3.2.3. It's simple,
> just call the URL:
>
> http://yousite/%3f.jsp
>
> Is it fixed in Tomcat 3.2.4 ?
>
> Thanks
>
>
>
> --
> To unsubscribe: <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>