1 Reply Latest reply on Jul 17, 2007 11:14 AM by anandms5

    WEB-INF folder accessible

    anandms5

      Hi: How to fix this in JBOSS 3.2.5?

      This vulnerability affects the Win32 versions of multiple J2EE servlet containers / application servers. By making a particular request to the servers in question, it is possible to retrieve files located under the 'WEB-INF' directory.
      For example:
      www.someserver.com/WEB-INF./web.xml
      or
      www.someserver.com/WEB-INF./classes/MyServlet.class

      Thanks,
      Anand
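
An added example, not part of the original post: a log triage script that finds requests whose path resolves to `WEB-INF` once trailing dots are stripped from each segment, and reports whether the server actually returned the file. The log lines are constructed, and the Common Log Format layout, the percent-decoding and the case-insensitive comparison are assumptions that go slightly beyond the two URLs quoted above.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (Common Log Format); addresses are from the
# 192.0.2.0/24 documentation range. The two "WEB-INF." paths are the ones
# quoted in the post; everything else is sample data.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Jul/2007:11:02:41 +0000] "GET /index.jsp HTTP/1.1" 200 5120
192.0.2.44 - - [17/Jul/2007:11:03:07 +0000] "GET /WEB-INF./web.xml HTTP/1.1" 200 1873
192.0.2.44 - - [17/Jul/2007:11:03:09 +0000] "GET /WEB-INF/web.xml HTTP/1.1" 404 312
192.0.2.44 - - [17/Jul/2007:11:03:12 +0000] "GET /WEB-INF./classes/MyServlet.class HTTP/1.1" 200 2048
192.0.2.10 - - [17/Jul/2007:11:04:00 +0000] "GET /docs/WEB-INF.html HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def canonical_segments(raw_target):
    """Split a request target into path segments as the file system sees them.

    The query string is dropped, percent-encoding is decoded, and trailing
    dots are removed from every segment because Win32 ignores them when it
    opens a file. Names are lower-cased for a case-insensitive comparison.
    """
    path = unquote(raw_target.split("?", 1)[0]).replace("\\", "/")
    return [seg.rstrip(".").lower() for seg in path.split("/") if seg]


def targets_web_inf(raw_target):
    """True when any canonical segment is exactly WEB-INF."""
    return "web-inf" in canonical_segments(raw_target)


def triage(log_text):
    """Return (target, status, verdict) for every request that reaches WEB-INF."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match or not targets_web_inf(match.group(1)):
            continue
        target, status = match.group(1), int(match.group(2))
        verdict = "SERVED" if status // 100 == 2 else "refused"
        findings.append((target, status, verdict))
    return findings


if __name__ == "__main__":
    for target, status, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:8} {status} {target}")
```

A `SERVED` verdict on a `WEB-INF.` path means the container returned protected content; the same `targets_web_inf` check is what a request filter in front of the application would need to apply before the path reaches the file system.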