Tomcat4 Update for Debian
Posted on: 01/10/2003 01:08 PM

An updated Tomcat4 package for Debian GNU/Linux 3.0 is now available.

A security vulnerability has been confirmed in Apache Tomcat 4.0.x releases. It allows a specially crafted URL to return the unprocessed source of a JSP page or, under special circumstances, a static resource that would otherwise have been protected by a security constraint, without the requester being properly authenticated. The issue is based on a variant of the exploit that was identified as CAN-2002-1148.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/tomcat4_update_for_debian.html)