You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by William Barker <wi...@wilshire.com> on 2001/08/15 23:48:15 UTC

[PATCH] Potential security problem with '?' in jsp file name TC3.3B1

Using:
 Apache 1.3.17
TC3.3 B1
 Ajp13
Java 1.3.1

making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a
request for the file "/?A=B.jsp".  JspInterceptor then happily creates a
page containing the contents of the ROOT directory.  The attached patch
forbids such silliness.

Re: [PATCH] Potential security problem with '?' in jsp file name TC3.3B1

Posted by Bill Barker <wb...@wilshire.com>.

I've confirmed that this also happens with TC3.3B1 stand-alone:

$ telnet localhost 8080
GET /%3f%41%3d%42.jsp HTTP/1.0

<insert directory listing here>
----- Original Message -----
From: "William Barker" <wi...@wilshire.com>
To: <to...@jakarta.apache.org>
Sent: Wednesday, August 15, 2001 2:48 PM
Subject: [PATCH] Potential security problem with '?' in jsp file name
TC3.3B1


> Using:
>  Apache 1.3.17
> TC3.3 B1
>  Ajp13
> Java 1.3.1
>
> making the request http://myserver/%3f%41%3d%42.jsp was interpreted as a
> request for the file "/?A=B.jsp".  JspInterceptor then happily creates a
> page containing the contents of the ROOT directory.  The attached patch
> forbids such silliness.
>