Bugtraq mailing list archives

Re: JSP source code exposure in Tomcat 4.x

From: Marcin Jackowski <master () px pl>
Date: Tue, 24 Sep 2002 21:30:17 +0200 (CEST)

[...]


      3.2 Workaround:

[...]

Quicker (brute) method - remove completely
$TOMCAT_HOME/server/lib/servlets-default.jar.
The server complains but applications seem to work correctly
(unless you're using it).

Stated for Tomcat version 4.0.1, 4.0.4 and 4.1.10.

Marcin Jackowski

Current thread:

JSP source code exposure in Tomcat 4.x Rossen Raykov (Sep 24)
- Re: JSP source code exposure in Tomcat 4.x DominusQ (Sep 24)
- Re: JSP source code exposure in Tomcat 4.x Marcin Jackowski (Sep 24)
  - RE: JSP source code exposure in Tomcat 4.x Martin Robson (Sep 25)