users@glassfish.java.net

Re: WEB-INF dot file retrieval vulnerability on Win32 boxes

From: <glassfish_at_javadesktop.org>
Date: Mon, 11 Aug 2008 13:59:29 PDT

You probably forgot to mention that this vulnerability exists only after you set "allowLinking" to "true", right? Can you please confirm? There are several issues with this setting on Windows, which is why it defaults to "false".
[Message sent by forum member 'jluehe' (jluehe)]

http://forums.java.net/jive/thread.jspa?messageID=292687