0 Replies Latest reply on Jun 14, 2003 7:58 AM by marc_schoenefeld

    JSP source disclosure: JBoss 4.0DR1 (Jetty-version)

    marc_schoenefeld Newbie


      JBoss 4.0DR1 (Jetty-version) is still vulnerable to JSP source code
      disclosure. Nothing has changed since the post of the same
      vulnerability in the 3.2.1 version.

      For those of you who missed the original post,
      try the following URLs in your JBoss installation:

      While browsing the source, you will notice that
      the jsp tags are not processed!