Vulnerability in Apache Tomcat
Apache Jakarta Project has reported - at http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/ - that 3.3.1 and previous versions of Apache Tomcat are affected by a security flaw and has released version 3.3.1a, which fixes it.
The vulnerability occurs when Tomcat receives HTTP requests containing certain characteristics, which could return a directory listing and even allow access to the file structure that is not visible by default.
Other variants of attack based on the same vulnerability allow the contents of jsp files to be viewed, html files to be interpreted, or files with any other extension, running commands that could have been inserted in the files.
-------------
cheers
mySteRioUs