Posted to users@tomcat.apache.org by da...@tecnet1.jcte.jcs.mil on 2001/04/03 19:06:11 UTC

Security Problem with Tomcat

Hi,

  I've been reading the recent security reports concerning TOMCAT and I'm a little bit confused, so I'm hoping someone can explain them to me.

 I saw where you can walk the directory structure of your TOMCAT server.  From what I've seen, the problem was on a WIN2K box with 3.2.1 using the TOMCAT web server.  I also read you can download your .jsp files.  Here again it seems this problem is evident with the TOMCAT web server.  Later messages reported this problem with 4.02Beta.  Somewhere, the thread was lost and I can't piece all of it together. Therefore, I need to know if I have a problem with my configuration.

 My configuration consists of Solaris 2.6, Apache 1.3.9 and Tomcat 3.2.1.  Tomcat has been integrated within our Apache web server.  But, I do start the TOMCAT server.  Also, should I upgrade to the latest Beta version to be more secure?  Is there anything I have to do to my jsp scripts if I upgrade?

 Finally, could someone give me a good detailed explanation of the security issues with TOMCAT?

Dave Ansalvish