Hi all;
a recent security audit of an application based on jboss that I am developing revealed that we can access the web.xml of the http-invoker.sar through a URL from the web.
the URL is: http://localhost:8083/WEB-INF./web.xml
jboss version is 4.0.2
how can i change this? is this a known issue in 4.0.2?
thanks in advance.
for anybody reading this post.
I think i found the answer. there is an issue with 4.0.2
please see:
http://jira.jboss.com/jira/browse/ASPATCH-72