kjkoster
30-01-2009, 21:25
Dear All,
You'd think that if another server has a url parsing vulnerability (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2370), this would serve as a warning sign to other application server vendors. I guess it's not that simple. Sun's Java System Application Server suffers from a configuration file disclosure vulnerability (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0278).
Kees Jan
You'd think that if another server has a url parsing vulnerability (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2370), this would serve as a warning sign to other application server vendors. I guess it's not that simple. Sun's Java System Application Server suffers from a configuration file disclosure vulnerability (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0278).
Kees Jan