| Thread ID: 25086 | 2002-09-25 11:58:00 | This place uses Tomcat, right? | sal (67) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 83121 | 2002-09-25 11:58:00 | if it does then....there's a security issue....what's ur email address (moderator) grtz sal. nz |
sal (67) | ||
| 83122 | 2002-09-25 12:04:00 | argh, i want to post it up here, it's a new one (if you already knew of others, lol) but from what i can tell, it's not very dangerous can i post it up, can i? :D grtz sal. nz |
sal (67) | ||
| 83123 | 2002-09-25 12:31:00 | Server: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_ssl/2.8.7 OpenSSL/0.9.6b Would be what they are using. But yes I have seen Tomcat mentioned here at times. |
-=JM=- (16) | ||
| 83124 | 2002-09-25 12:36:00 | Apache Tomcat/4.0.3 yep, they do Tomcat is the free opensource Java server, jakarta.apache.org |
sal (67) | ||
| 83125 | 2002-09-25 12:39:00 | It was mentioned in (I think) tweak'es news post yesterday. I was wondering if that might be causing some of the problems around here lately :) unlikely I guess... Mike. |
Mike (15) | ||
| 83126 | 2002-09-25 12:41:00 | oh, i'm tired, i had a look at the repercussions of posting up the vulnerability, and could see no problems arise from it, so here goes Tomcat is vulnerable to source code exposure by using the default servlet org.apache.catalina.servlets.DefaultServlet. Let's say you have a valid URL like pressf1.co.nz/login.jsp, then a URL like pressf1.co.nz/servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp will give you the source code of the JSP page. although i don't really see what's so great about seeing the source code of a jive forum :p grtz sal. nz |
sal (67) | ||
| 83127 | 2002-09-25 12:44:00 | ah interesting :) don't think it is the same as the one in the news post Mike. |
Mike (15) | ||
| 83128 | 2002-09-25 13:06:00 | whoa, i'm obviously tired judging from my last post's typos, and maybe my judgement in posting up the vulnerability, although i don't really know much stuff about that side of things ;), but i guess seeing as i mentioned it, it wouldn't be long before the 'story got out', lolz, nite :D grtz sal. tga |
sal (67) | ||
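
For anyone running a server in the state post 83126 describes, the check below scans an access log for requests that reach a JSP file through the DefaultServlet class path. It is an added example, not part of the thread or of Tomcat; it assumes Common Log Format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Class name from post 83126; "/servlet/" is the prefix used in its example URL.
SERVLET_CLASS = "org.apache.catalina.servlets.defaultservlet"

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

def path_segments(target, rounds=3):
    """Drop the query string, undo up to `rounds` layers of percent-encoding,
    and split into segments without empty parts or ;path-parameters."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return [s.split(";", 1)[0] for s in path.split("/") if s]

def find_default_servlet_hits(lines):
    """Return (client, decoded_path, status) for every request that reaches a
    JSP file through the DefaultServlet class path."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        client, target, status = m.groups()
        segs = path_segments(target)
        lower = [s.lower() for s in segs]  # case-insensitive, to err towards flagging
        for i in range(len(lower) - 2):
            if (lower[i] == "servlet" and lower[i + 1] == SERVLET_CLASS
                    and lower[-1].endswith(".jsp")):
                hits.append((client, "/" + "/".join(segs), int(status)))
                break
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2002:12:41:00 +1200] "GET /login.jsp HTTP/1.0" 200 5120',
    '192.0.2.44 - - [25/Sep/2002:12:45:10 +1200] "GET /servlet/org.apache.catalina.servlets.DefaultServlet/login.jsp HTTP/1.0" 200 2210',
    '192.0.2.44 - - [25/Sep/2002:12:45:12 +1200] "GET /servlet/org.apache.catalina.servlets.%44efaultServlet/admin/index.jsp?x=1 HTTP/1.0" 404 310',
    '192.0.2.77 - - [25/Sep/2002:12:50:00 +1200] "GET /servlet/org.apache.catalina.servlets.DefaultServlet/logo.gif HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for client, path, status in find_default_servlet_hits(SAMPLE_LOG):
        note = "served, treat JSP source as disclosed" if status == 200 else "probe"
        print(f"{client} {status} {path} [{note}]")
```

A hit with status 200 means the file was returned through that path, so anything embedded in the JSP source should be treated as exposed.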