Apache Tomcat Source Disclosure Hole 14
joe writes "Apache has released a security warning in its popular server
Tomcat. This security hole allows non authenticated users to retrieve source code of web applications on the server."
The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.
You mean that ... (Score:3, Funny)
Re:You mean that ... (Score:3, Informative)
When a user requests a
Re:You mean that ... (Score:1)
The poster probably meant it as a joke.
That post should be modded as funny.
Re:You mean that ... (Score:1)
But I still think they did it on purpose, to spread the open source philosophy in an unknown manner, on a level never reached before.
Hmmmm. (Score:5, Insightful)
Meanwhile, every obscure, really difficult to implement, not really dangerous IIS flaw makes it to the frontpage, so we can have 500 comments of MS sucks, use open source, it can be patched faster!
No wonder the views are so lopsided. Massive exposure to every MS bug. Hide every open source bug.
Bring on the moderation. Its not that big of a deal...
Re:Hmmmm. (Score:1)
Re:Hmmmm. (Score:2)
Re:Hmmmm. (Score:2)
Actually, though, it's nice to see that Linux and opensource in general has come so far that it's now the Microsoft camp that are zealots and the voice of hysteria. I think this only changed in the last two years or so.
And opensource projects are tradionally patched faster, so there!
Re:Hmmmm. (Score:2, Interesting)
I do see your point however, that some bugs seem to be presented in a more obfucated way than others are.
Re:Hmmmm. (Score:2)
From Bugtraq:
Apache AND Tomcat - All Versions - 51 combined (18 Tomcat / 33 Apache )
IIS - All Versions - 102
Microsoft products DO suck.
And there's this:
"The Apache Tomcat Team announces the immediate availability of new releases which include a fix to the invoker servlet.
Binary and source distributions for Apache Tomcat 4.1.12 Stable are available here [apache.org].
Binary and source distributions for Apache Tomcat 4.0.5 are available here [apache.org]."
How long would MS have you wait before a fix? Hell, before even _telling_ you if they had their way and it wasn't uncovered by a third-party?
Still, this news item _should_ have been on the front page.
LEXX
Not that many apache users use tomcat (Score:2)
Re:Not that many apache users use tomcat (Score:1)