tomcat-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 3743] - double slash bypasses BASIC authentication
Date Thu, 20 Sep 2001 12:55:53 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3743>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3743

double slash bypasses BASIC authentication

Larry.Isaacs@sas.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From Larry.Isaacs@sas.com  2001-09-20 05:55 -------
This was fixed in Tomcat 3.2.3 and Tomcat 3.3.  Both normalize the request
by default and disallow certain escapes.

For more info in 3.2.3, refer to section 7.2 in the RELEASE-NOTES file in
TOMCAT_HOME.

In Tomcat 3.3, this is configurable. See the documentation on the
DecodeInterceptor in the serverxml.html file found in the TOMCAT_HOME/doc
directory.
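
As an added illustration (not code from the bug report or from Tomcat), the sketch below shows request normalization applied before a path-based access check: a prefix test on the raw path misses `//protected/a.jsp`, while the same test on the normalized path does not. The class name, the `/protected` prefix, the sample paths and the list of refused escapes are assumptions made for this example.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class PathGuard {
    // Escapes refused outright; this list is an assumption for the example, not Tomcat's.
    private static final String[] REFUSED = {"%2f", "%5c", "%2e", "%25", "%00"};

    /** Returns the canonical path, or null if the request must be rejected. */
    static String normalize(String rawPath) {
        String lower = rawPath.toLowerCase(Locale.ROOT);
        for (String esc : REFUSED) if (lower.contains(esc)) return null;
        String decoded;
        try {
            // '+' is literal in a path, so shield it from URLDecoder's form-encoding rule.
            decoded = URLDecoder.decode(rawPath.replace("+", "%2B"), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null;                                   // malformed percent escape
        }
        Deque<String> segments = new ArrayDeque<>();
        for (String seg : decoded.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue; // drops "//" and "/./"
            if (seg.equals("..")) {
                if (segments.isEmpty()) return null;        // would climb above the root
                segments.removeLast();
            } else {
                segments.addLast(seg);
            }
        }
        return "/" + String.join("/", segments);
    }

    /** Constraint check, meant to be called with the canonical path only. */
    static boolean isProtected(String canonical, String prefix) {
        return canonical.equals(prefix) || canonical.startsWith(prefix + "/");
    }

    public static void main(String[] args) {
        String prefix = "/protected";                       // constructed constraint
        String[] samples = {"/protected/a.jsp", "//protected/a.jsp",  // constructed paths
                            "/public/../protected/a.jsp", "/protected%2fa.jsp"};
        for (String raw : samples) {
            String canon = normalize(raw);
            String verdict = canon == null ? "reject"
                    : isProtected(canon, prefix) ? "require BASIC auth" : "serve";
            System.out.printf("%-28s rawPrefixMatch=%-5b -> %s%n", raw, raw.startsWith(prefix + "/"), verdict);
        }
    }
}
```

The same canonical path has to be used both for the access decision and for resource lookup; normalizing in only one of the two places reintroduces the mismatch.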
