Issues » Read access to restricted files in Tomcat on Windows

Issue: SI-43
Date: Mar 12, 2017, 8:00:00 PM
Severity: Medium
Requires Admin Access: No
Fix Version: n/a
Credit: Client
Description:

When running on an OS which does not have a case sensitive filesystem (i.e. Windows), you must not run with the "allowLinking" options turned on:  https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html  Running in this environment with this setting set to true, sensitive files like those located in the META-INF can be exposed with the properly formatted browser request.

This setting is located in your context.xml - i.e. "<Resources allowLinking="true" />"

Mitigation:

  

Highly Rated and Recommended

We're rated Excellent 4.2/5 stars on G2 - with 95+ verified reviews