DO NOT REPLY [Bug 50026] New: DefaultServlet serves META-INF and WEB-INF from root when remapped on /folder/*

bugzilla Wed, 29 Sep 2010 08:26:14 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=50026


           Summary: DefaultServlet serves META-INF and WEB-INF from root
                    when remapped on /folder/*
           Product: Tomcat 6
           Version: 6.0.29
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: bal...@gmail.com


The following in web.xml

    <servlet>
        <servlet-name>static</servlet-name>
       
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>static</servlet-name>
        <url-pattern>/static/*</url-pattern>
    </servlet-mapping>

makes restricted folders accessible by e.g.

http://localhost:8080/context/static/WEB-INF/web.xml
http://localhost:8080/context/static/META-INF/MANIFEST.MF

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 50026] New: DefaultServlet serves META-INF and WEB-INF from root when remapped on /folder/*

Reply via email to