Home page logo

bugtraq logo Bugtraq mailing list archives

re: Tomcat Security Exposure
From: Adam Manock <abmanock () earthlink net>
Date: Mon, 25 Mar 2002 07:28:54 -0500

From the Tomcat-user list, anyone know any more?

During development and deployment I discovered
that many types of errors while reading the web.xml
file would result in the app coming up (at least
partly), but with no security.

This seems like a serious security exposure in
a production environment.

I believe this is potentially a serious security
exposure and suggest that tomcat should never
allow access to the app if it has any problems
reading the web.xml file or establishing any of
the security environment.

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.


  By Date           By Thread  

Current thread:
  • re: Tomcat Security Exposure Adam Manock (Mar 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]