Disabling invoker servlet in Tomcat4
Last night I decided to test my server by attacking it with Nessus. One
of the things it reported was a vulnerability in Tomcat. I figured this
was the most appropriate forum to discuss this.
It pointed me to
I went in and commented out the following section in
and it seems that is a valid workaround (don't take my word for it
though, I'm a really a newbie!)
However, the servlet examples doesn't work anymore, that's OK with me,
but I guess it is difficult to disable the invoker servlet by default.
Another option is perhaps to provide an explicit map for the examples,
Anyway, I thought I'd bring it up. :-)
email@example.com firstname.lastname@example.org email@example.com