tomcat-dev mailing list archives

From "Bill Barker" <wbar...@wilshire.com>
Subject [PATCH] Potential buffer overflow attach in mod_jk
Date Wed, 26 Sep 2001 18:30:45 GMT
While checking to see how mod_jk handled the ;jsessionid= in the URL, I was
horrified to see how easy it would be to take control of the server with a
relatively small buffer overflow.  I'm not really an Apache person, so I'm
certain that this can be improved on.

