You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Guenter Knauf <fu...@apache.org> on 2007/04/18 18:48:34 UTC

[PROPOSAL] add Tomcat version output to snoop.jsp sample

Hi all,
since I often test with different Tomcat versions I would find it useful to see the TC version too with the snoop sample, f.e. something like that (or also at the end added):

--- snoop.jsp.orig	Wed Apr 18 18:35:12 2007
+++ snoop.jsp	Wed Apr 18 18:41:46 2007
@@ -19,6 +19,8 @@
 <body bgcolor="white">
 <h1> Request Information </h1>
 <font size="4">
+Server Software: <%= getServletContext().getServerInfo() %>
+<br>
 JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %>
 <br>
 Request URI: <%= request.getRequestURI() %>

do you agree with this small add?

thanks, Guenter.



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [PROPOSAL] add Tomcat version output to snoop.jsp sample

Posted by Henri Gomez <he...@gmail.com>.

+1

2007/4/18, Guenter Knauf <fu...@apache.org>:
> Hi all,
> since I often test with different Tomcat versions I would find it useful to see the TC version too with the snoop sample, f.e. something like that (or also at the end added):
>
> --- snoop.jsp.orig      Wed Apr 18 18:35:12 2007
> +++ snoop.jsp   Wed Apr 18 18:41:46 2007
> @@ -19,6 +19,8 @@
>  <body bgcolor="white">
>  <h1> Request Information </h1>
>  <font size="4">
> +Server Software: <%= getServletContext().getServerInfo() %>
> +<br>
>  JSP Request Method: <% out.print(util.HTMLFilter.filter(request.getMethod())); %>
>  <br>
>  Request URI: <%= request.getRequestURI() %>
>
> do you agree with this small add?
>
> thanks, Guenter.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

Re: [PROPOSAL] add Tomcat version output to snoop.jsp sample

Posted by Mark Thomas <ma...@apache.org>.

Guenter Knauf wrote:
> Hi all,
> since I often test with different Tomcat versions I would find it useful to see the TC version too with the snoop sample, f.e. something like that (or also at the end added):

-1. This will create a minor information disclosure vulnerability.

The same (actually more) information is available from:
 - the manager (requires a password to access)
 - catalina version (only available from the command line)

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org