I'm able to access web.xml through URL! [jboss 4.0.2]

gkatz Jun 11, 2007 6:06 AM

Hi all;
a recent security audit of an application based on jboss that I am developing revealed that we can access the web.xml of the http-invoker.sar through a URL from the web.
the URL is: http://localhost:8083/WEB-INF./web.xml

jboss version is 4.0.2
how can i change this? is this a known issue in 4.0.2?

thanks in advance.

1. Re: I'm able to access web.xml through URL! [jboss 4.0.2]

gkatz Jun 13, 2007 3:51 AM (in response to gkatz)

for anybody reading this post.
I think i found the answer. there is an issue with 4.0.2
please see:
http://jira.jboss.com/jira/browse/ASPATCH-72
Actions