You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2001/10/22 18:19:12 UTC

DO NOT REPLY [Bug 4227] - Invalid CGI path

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4227>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4227

Invalid CGI path





------- Additional Comments From craig.mcclanahan@sun.com  2001-10-22 09:19 -------
Currently, the CGI servlet refuses to run a request that has "/./" or "/../" in
the CGI command path (as yours does), in order to avoid spoofing attacks that
try to access binaries outside of the appropriate webapp directory.  In this
case, it appears that the "/../" is occurring because you are letting the
standard startup script figure out what CATALINA_HOME is.

Could you try explicitly setting the CATALINA_HOME environment variable (to
"/opt/catalina") and see if that solves the problem for you?