users@glassfish.java.net

Re: WEB-INF dot file retrieval vulnerability on Win32 boxes

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: <glassfish_at_javadesktop.org>
Date: Mon, 11 Aug 2008 13:59:29 PDT

You probably forgot to mention that this vulnerability exists only after you set "allowLinking" to "true", right? Can you please confirm? There are several issues with this setting on Windows, which is why it defaults to "false".
[Message sent by forum member 'jluehe' (jluehe)]

http://forums.java.net/jive/thread.jspa?messageID=292687

This message: [ Message body ]
Next message: Dave Rafkind: "stacktrace question"
Previous message: NBW: "Re: Announcing FishCAT, a community Beta program, please join Fish CAT to find bugs"
In reply to: glassfish_at_javadesktop.org: "WEB-INF dot file retrieval vulnerability on Win32 boxes"
Next in thread: glassfish_at_javadesktop.org: "Re: WEB-INF dot file retrieval vulnerability on Win32 boxes"
Reply: glassfish_at_javadesktop.org: "Re: WEB-INF dot file retrieval vulnerability on Win32 boxes"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]