https://issues.apache.org/bugzilla/show_bug.cgi?id=51769
Bug #: 51769 Summary: False positive: Somebody try to hack into the site!!! Product: Tomcat Connectors Version: 1.2.31 Platform: PC OS/Version: Windows Server 2003 Status: NEW Severity: normal Priority: P2 Component: isapi AssignedTo: dev@tomcat.apache.org ReportedBy: stefan.ll...@essentia.ltd.uk Classification: Unclassified Messages such as the following are logged: [Mon Sep 05 11:36:35 2011] [jk_isapi_plugin.c (843)]: HttpFilterProc [/integrator/download/d2b3b4c1-5eb2-4c45-9ca6-2af7bdc286e3/teamtrainer/50/meta-inf.xml;jsessionid=4adfb2366e39fef63fda294d375f0273] points to the web-inf or meta-inf directory. Somebody try to hack into the site!!! and HTTP status 403 is returned on the request. This is a false positive. The file name is meta-inf.xml but it is not in the meta-inf directory. A number of forum references can be found e.g. http://mail-archives.apache.org/mod_mbox/tomcat-dev/200505.mbox/%3c1115929838.4283bcee5c...@aragorntools.webappcabaret.net%3E but it does appear to have been previously raised as a bug. Unfortunately this renders the ispai connector unusable with this Tomcat application. Reproduced on isapi at 1.2.32 (not available in pulldown list!). Cannot be reproduced in mod_jk connector. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org