http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23949

Summary: Security : Directory traversal in "view-source"
Product: Cocoon 2
Version: 2.1.2
Platform: All
OS/Version: All
Status: NEW
Severity: Critical
Priority: Other
Component: general components
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]

http://a_Host.com:8888/samples/view-source?filename=../../../boot.ini
allows downloading the "boot.ini" file (located in the root of the C drive under Windows NT/2000/XP).

I know this is only a sample script, but unfortunately a lot of people do install their production machines with samples installed... A check on the filename should be done.
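One way to do the filename check the report asks for, as an added example that is not Cocoon's code or the project's fix. The class name `ViewSourceCheck`, the method `resolveUnderBase` and the temporary directory layout are hypothetical, and it assumes Java 7 or later for `java.nio.file`.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example (hypothetical names): resolve a request-supplied "filename"
// under a fixed base directory and reject anything that lands outside it.
public class ViewSourceCheck {

    // Returns the resolved file, or throws if the name escapes baseDir.
    static Path resolveUnderBase(Path baseDir, String filename) throws IOException {
        if (filename == null || filename.isEmpty() || filename.indexOf('\0') >= 0) {
            throw new SecurityException("invalid filename");
        }
        // Canonical form of the base directory, with symlinks resolved.
        Path base = baseDir.toRealPath();
        // resolve() returns its argument unchanged when that argument is
        // absolute, so the startsWith check also rejects absolute names.
        Path candidate = base.resolve(filename).normalize();
        // Path.startsWith compares whole path components, not string prefixes.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory");
        }
        // Resolve symlinks on the existing file and check again.
        Path real = candidate.toRealPath(); // NoSuchFileException if missing
        if (!real.startsWith(base) || !Files.isRegularFile(real)) {
            throw new SecurityException("not a regular file under base");
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a temp directory standing in for the samples dir.
        Path base = Files.createTempDirectory("samples");
        Files.write(base.resolve("index.xml"), "<page/>".getBytes("UTF-8"));

        String[] names = { "index.xml", "../../../boot.ini", "sub/../../boot.ini" };
        for (String name : names) {
            try {
                System.out.println("allow " + name + " -> " + resolveUnderBase(base, name));
            } catch (RuntimeException | IOException e) {
                System.out.println("deny  " + name + " (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```

The check runs on the decoded parameter value after normalization, so it does not depend on spotting the literal string `../` in the input.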
