Welcome to our website
Tomcat4 Update for Debian
Posted by philipp on: 01/10/2003 01:08 PM [ Print | 0 comment(s) ]
An updated Tomcat4 package for Debian GNU/Linux 3.0 is now available
A security vulnerability has been confirmed to exist in Apache Tomcat 4.0.x releases, which allows to use a specially crafted URL to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by a security constraint, without the need for being properly authenticated. This is based on a variant of the exploit that was identified as CAN-2002-1148.