https://issues.apache.org/bugzilla/show_bug.cgi?id=51769
Bug #: 51769
Summary: False positive: Somebody try to hack into the site!!!
Product: Tomcat Connectors
Version: 1.2.31
Platform: PC
OS/Version: Windows Server 2003
Status: NEW
Severity: normal
Priority: P2
Component: isapi
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Messages such as the following are logged:
[Mon Sep 05 11:36:35 2011] [jk_isapi_plugin.c (843)]: HttpFilterProc
[/integrator/download/d2b3b4c1-5eb2-4c45-9ca6-2af7bdc286e3/teamtrainer/50/meta-inf.xml;jsessionid=4adfb2366e39fef63fda294d375f0273]
points to the web-inf or meta-inf directory.
Somebody try to hack into the site!!!
and HTTP status 403 is returned on the request. This is a false positive. The
file name is meta-inf.xml but it is not in the meta-inf directory.
A number of forum references can be found e.g.
http://mail-archives.apache.org/mod_mbox/tomcat-dev/200505.mbox/%[email protected]%3E
but it does appear to have been previously raised as a bug.
Unfortunately this renders the ispai connector unusable with this Tomcat
application.
Reproduced on isapi at 1.2.32 (not available in pulldown list!). Cannot be
reproduced in mod_jk connector.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
