Tomcat4 Update for Debian
Posted on: 01/10/2003 02:08 PM

An updated Tomcat4 package for Debian GNU/Linux 3.0 is now available.

A security vulnerability has been confirmed in Apache Tomcat 4.0.x releases. It allows a specially crafted URL to return the unprocessed source of a JSP page or, under special circumstances, a static resource that would otherwise have been protected by a security constraint, without the requester being properly authenticated. This is based on a variant of the exploit that was identified as CAN-2002-1148.

Printed from Linux Compatible (