[jboss-user] [Security & JAAS/JBoss] - WEB-INF folder accessible
anandms5
do-not-reply at jboss.com
Fri Jul 6 15:05:46 EDT 2007
Hi: How to fix this in JBOSS 3.2.5?
This vulnerability affects the Win32 versions of multiple j2ee servlet containers / application servers. By making a particular request to the servers in question it is possible to retrieve files located under the 'WEB-INF' directory.
For example:
www.someserver.com/WEB-INF./web.xml
or
www.someserver.com/WEB-INF./classes/MyServlet.class
Thanks,
Anand
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4061441#4061441
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4061441
More information about the jboss-user
mailing list