Bugtraq mailing list archives
re: Tomcat Security Exposure
From: Adam Manock <abmanock () earthlink net>
Date: Mon, 25 Mar 2002 07:28:54 -0500
From the Tomcat-user list, anyone know any more?
During development and deployment I discovered that many types of errors while reading the web.xml file would result in the app coming up (at least partly), but with no security. This seems like a serious security exposure in a production environment. I believe this is potentially a serious security exposure and suggest that tomcat should never allow access to the app if it has any problems reading the web.xml file or establishing any of the security environment. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions.
Adam
Current thread:
- re: Tomcat Security Exposure Adam Manock (Mar 25)