Details
-
Bug
-
Resolution: Fixed
-
High
-
3.6.5, 3.7
-
3.06
-
Description
Tomcat has directory listing enabled by default. This allows browsing directories (such as /images/). It seems that the filters do not take action in preventing the unauthorized access.
When directory listing is disabled (/conf/web.xml in Tomcat directory) Jira gives 404 errors.
See JSP-8129