Hi: How to fix this in JBOSS 3.2.5?
This vulnerability affects the Win32 versions of multiple j2ee servlet containers / application servers. By making a particular request to the servers in question it is possible to retrieve files located under the 'WEB-INF' directory.
For example:
www.someserver.com/WEB-INF./web.xml
or
www.someserver.com/WEB-INF./classes/MyServlet.class
Thanks,
Anand
Please can somebody throw some light on this?
Thanks,
Anand