Hi: How to fix this in JBOSS 3.2.5?

This vulnerability affects the Win32 versions of multiple j2ee servlet containers / application servers. By making a particular request to the servers in question it is possible to retrieve files located under the 'WEB-INF' directory.
For example:
www.someserver.com/WEB-INF./web.xml
or
www.someserver.com/WEB-INF./classes/MyServlet.class

Thanks,
Anand

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4061441#4061441

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4061441
_______________________________________________
jboss-user mailing list
jboss-user@(protected)
https://lists.jboss.org/mailman/listinfo/jboss-user