Upgrade to Tomcat 4.0.6, released on 9 October 2002. From the

News & Status page:

	A security vulnerability has been confirmed to exist in
	Apache Tomcat 4.0.x releases (including Tomcat 4.0.5),
	which allows to use a specially crafted URL to return the
	unprocessed source of a JSP page, or, under special
	circumstances, a static resource which would otherwise have been
	protected by security constraint, without the need for being
	properly authenticated.  This is based on a variant of the
	exploit that was disclosed on
	09/24/2002.

See:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES

0 files changed, 0 insertions, 0 deletions