K 10
svn:author
V 5
znerd
K 8
svn:date
V 27
2002-10-10T22:51:09.000000Z
K 7
svn:log
V 627
Upgrade to Tomcat 4.0.6, released on 9 October 2002. From the
News & Status page:

	A security vulnerability has been confirmed to exist in
	Apache Tomcat 4.0.x releases (including Tomcat 4.0.5),
	which allows to use a specially crafted URL to return the
	unprocessed source of a JSP page, or, under special
	circumstances, a static resource which would otherwise have been
	protected by security constraint, without the need for being
	properly authenticated.  This is based on a variant of the
	exploit that was disclosed on
	09/24/2002.

See:
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES

END