|
Buell, not Bueller. <G> ------------ Walden H Leverich III President Tech Software (516)627-3800 x11 WaldenL@TechSoftInc.com http://www.TechSoftInc.com -----Original Message----- From: Brad Stone [mailto:brad@bvstools.com] Sent: Tuesday, November 13, 2001 11:52 PM To: midrange-l@midrange.com Subject: JSP Security exposure (from usenet) Hey, I just read this on Usenet. I don't recall seeing it here. Apparently if you call a JSP and end it with a slash "/" it will show the source for the JSP. ie: www.myserver.com/runme.jsp will function normally. But www.myserver.com/runme.jsp/ will display the source for the JSP. I haven't tried it, but the poster on comp.sys.ibm.as400.misc said he has. He didn't mention if it was for Websphere or Tomcat. Anyone... Bueller? _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
