mailing list archives
re: Tomcat Security Exposure
From: Adam Manock <abmanock () earthlink net>
Date: Mon, 25 Mar 2002 07:28:54 -0500
From the Tomcat-user list, anyone know any more?
During development and deployment I discovered
that many types of errors while reading the web.xml
file would result in the app coming up (at least
partly), but with no security.
This seems like a serious security exposure in
a production environment.
I believe this is potentially a serious security
exposure and suggest that tomcat should never
allow access to the app if it has any problems
reading the web.xml file or establishing any of
the security environment.
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.
- re: Tomcat Security Exposure Adam Manock (Mar 25)