Hi all;
a recent security audit of an application based on jboss that I am developing revealed that we can access the web.xml of the http-invoker.sar through a URL from the web.
the URL is: http://localhost:8083/WEB-INF./web.xml

jboss version is 4.0.2
how can i change this? is this a known issue in 4.0.2?

thanks in advance.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4053027#4053027

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4053027
_______________________________________________
jboss-user mailing list
jboss-user@(protected)
https://lists.jboss.org/mailman/listinfo/jboss-user