i having security issue tomcat 8.5 application web-inf contents. not suppose able access content of web-inf (i.e. web.xml)via url can seem access. how restrict access? thought should restricted out box. using linux , permission rw user , r group.
any suggestion appreciated.
normally, files under /web-inf not accessible directly outside. if files can accessible, application has vulnerabilities, path traversal. simple solution is, example, restrict access urls including web-inf apache in front of tomcat.
Comments
Post a Comment