Fixed in Apache Tomcat 4.0.2

Low: Information disclosure CVE-2002-2009, CVE-2001-0917 Requests for JSP files where the file name is preceded by '+/', '/', '/' or '%20/' or a request for a JSP with a long file name would result in in an error page that included the full file system path to the JSP file. Affects: 4.0.0-4.0.1...

SHGetPathFromIDList.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Windows Api SHGetPathFromIDList Buffer Overflow To all those people who sent email to us asking for more information about the SHGetPathFromIDList Windows Api overflow. Here is a more specific description about the problem. All Structure lengths, or...