[jboss-user] [Installation, Configuration & Deployment] - I'm able to access web.xml through URL! [jboss 4.0.2]

Monday, 11 June 2007

Hi all;
a recent security audit of an application based on jboss that I am developing revealed
that we can access the web.xml of the http-invoker.sar through a URL from the web.
the URL is: http://localhost:8083/WEB-INF./web.xml

jboss version is 4.0.2
how can i change this? is this a known issue in 4.0.2?

thanks in advance.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4053027#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Installation, Configuration & Deployment] - I'm able to access web.xml through URL! [jboss 4.0.2]