CVE-2019-12938

The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI...

Re: Tomcat may reveal script source code by URL trickery

There is another way to get the source from a jsp page using Tomcat. If you don't write HTTP/1.0 or HTTP/1.1 in the end of the GET request, you will get the source code and not the jsp processed. In other words, use Apache + Tomcat if you intend to protect your source code. telnet maq106 8080...