Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/03/27 20:38:11 UTC
DO NOT REPLY [Bug 7532] New: - App init problems results in Severe Security Exposure
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7532>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
Summary: App init problems results in Severe Security Exposure
Product: Tomcat 4
Version: 4.0.3 Final
Platform: PC
OS/Version: Windows NT/2K
Status: NEW
Severity: Major
Priority: Other
Component: Catalina:Modules
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: flawlor@athensgroup.com
During development and deployment I discovered
that many types of errors while reading the web.xml
file would result in the app coming up (at least
partly, generally fully), but with no security.
This seems like a serious security exposure in
a production environment.
I believe this is potentially a serious security
exposure and suggest that Tomcat should never
allow access to the app if it has any problems
reading the web.xml file or establishing any of
the security environment.
Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.
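The fail-closed behaviour the report asks for can also be enforced outside the container as a pre-deployment gate. The sketch below is an added example, not part of the bug report and not Tomcat code. The function names are hypothetical, and the rules it applies (at least one security-constraint, a login-config for any auth-constraint, every role declared) are assumptions of this gate, built on standard web.xml element names.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop XML namespace, if any
def _children(parent, name):
    return [e for e in parent if _local(e.tag) == name]
def _texts(parent, name):
    return {e.text.strip() for e in parent.iter()
            if _local(e.tag) == name and (e.text or "").strip()}

def check_descriptor(xml_text, require_constraints=True):
    """Return a list of problems; deploy only when the list is empty."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["web.xml is not well-formed: %s" % exc]  # fail closed
    if _local(root.tag) != "web-app":
        return ["root element is not <web-app>"]
    problems, declared = [], set()
    for role in _children(root, "security-role"):
        declared |= _texts(role, "role-name")
    constraints = _children(root, "security-constraint")
    if require_constraints and not constraints:
        problems.append("no <security-constraint> found")
    for sc in constraints:
        if not _texts(sc, "url-pattern"):
            problems.append("security-constraint has no url-pattern")
        for ac in _children(sc, "auth-constraint"):
            if not _children(root, "login-config"):
                problems.append("auth-constraint without login-config")
            for name in sorted(_texts(ac, "role-name") - declared - {"*"}):
                problems.append("role %r is not declared in security-role" % name)
    return problems

# Constructed sample descriptors (not taken from the bug report).
GOOD = """<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""
TRUNCATED = GOOD[:GOOD.index("<login-config>")]  # file cut off mid-write
UNDECLARED = GOOD.replace("<security-role><role-name>manager", "<security-role><role-name>admin")

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("truncated", TRUNCATED), ("undeclared", UNDECLARED)):
        print(label, check_descriptor(doc) or "OK")
```

Any non-empty result should block the deployment step, so that a descriptor the container might only partly read never reaches production.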