Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2001/01/02 05:52:11 UTC
BugRat Report #682 has been filed.
Bug report #682 has just been filed.
You can view the report at the following URL:
<http://znutar.cortexity.com/BugRatViewer/ShowReport/682>
REPORT #682 Details.
Project: Catalina
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment:
Release: m5
JVM Release: ANY
Operating System: ANY
OS Release: ANY
Platform: ANY
Synopsis:
Security Issue? Important attributes exposed by ServletContext can be modified
Description:
Hi:
The attributes such as "org.apache.catalina.classloader", "org.apache.catalina.jsp_classpath" are exposed through ServletContext and can be easily modified. No security violation is generated and anybody with an application installed on the web server can modify these variables. Isn't it a security problem for Tomcat?
Thanks
-Ramesh
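
One way a container could keep the attributes named in this report readable but not writable by applications, as an added sketch that is not part of the report and not Catalina's code. The class `GuardedContextAttributes`, its methods and the sample values are hypothetical; only the two attribute names come from the report.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;

// Hypothetical model of a per-application attribute store; not Catalina's code.
public class GuardedContextAttributes {
    private static final Logger LOG = Logger.getLogger("GuardedContextAttributes");
    private final Map<String, Object> attributes = new ConcurrentHashMap<>();
    private final Set<String> readOnly = ConcurrentHashMap.newKeySet();

    // Container-side path: lock the name first, then publish the value.
    public void setContainerAttribute(String name, Object value) {
        readOnly.add(name);
        attributes.put(name, value);
    }

    // Application-facing path: refuse and log writes to locked names.
    public boolean setAttribute(String name, Object value) {
        if (isLocked(name, "set")) return false;
        if (value == null) attributes.remove(name); else attributes.put(name, value);
        return true;
    }

    public boolean removeAttribute(String name) {
        if (isLocked(name, "remove")) return false;
        attributes.remove(name);
        return true;
    }

    public Object getAttribute(String name) { return attributes.get(name); }

    private boolean isLocked(String name, String op) {
        if (!readOnly.contains(name)) return false;
        LOG.warning("rejected " + op + " of container attribute " + name);
        return true;
    }

    public static void main(String[] args) {
        GuardedContextAttributes ctx = new GuardedContextAttributes();
        Object loader = new Object(); // constructed stand-in for the class loader
        ctx.setContainerAttribute("org.apache.catalina.classloader", loader);
        ctx.setContainerAttribute("org.apache.catalina.jsp_classpath", "/constructed/path");
        System.out.println(ctx.setAttribute("org.apache.catalina.classloader", "x"));
        System.out.println(ctx.removeAttribute("org.apache.catalina.jsp_classpath"));
        System.out.println(ctx.setAttribute("com.example.app.counter", 1));
        System.out.println(ctx.getAttribute("org.apache.catalina.classloader") == loader);
    }
}
```

The guard only protects the binding of each name; a mutable object handed out through `getAttribute` can still be changed by the application that reads it.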