You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/03/27 20:38:11 UTC

DO NOT REPLY [Bug 7532] New: - App init problems results in Severe Security Exposure

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7532>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7532

App init problems results in Severe Security Exposure

           Summary: App init problems results in Severe Security Exposure
           Product: Tomcat 4
           Version: 4.0.3 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Catalina:Modules
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: flawlor@athensgroup.com


During development and deployment I discovered
that many types of errors while reading the web.xml
file would result in the app coming up (at least
partly, generally fully), but with no security.

This seems like a serious security exposure in
a production environment.

I believe this is potentially a serious security
exposure and suggest that tomcat should never
allow access to the app if it has any problems
reading the web.xml file or establishing any of
the security environment.

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>