tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ignacio J. Ortega" <na...@siapi.es>
Subject RE: [PATCH] Potential buffer overflow attach in mod_jk
Date Wed, 26 Sep 2001 19:54:16 GMT
I think we need Bill Barker & Kin-Man Chung aboard already.. if we dont
want to have more work that we already have integrating their patches..

Next can change subject and call this a vote about giving them committer
access ASAP :)

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Bill Barker [mailto:wbarker@wilshire.com]
> Enviado el: miƩrcoles 26 de septiembre de 2001 20:31
> Para: tomcat-dev@jakarta.apache.org
> Asunto: [PATCH] Potential buffer overflow attach in mod_jk
> 
> 
> While checking to see how mod_jk handled the ;jsessionid= in 
> the URL, I was
> horrified to see how easily it would be to take control of 
> the server with a
> relatively small buffer overflow.  I'm not really an Apache 
> person, so I'm
> certain that this can be improved on.
> 
> 
> *----*
> 
> This message is intended only for the use of the person(s) 
> listed above 
> as the intended recipient(s), and may contain information that is 
> PRIVILEGED and CONFIDENTIAL.  If you are not an intended recipient, 
> you may not read, copy, or distribute this message or any 
> attachment.  
> If you received this communication in error, please notify us 
> immediately 
> by e-mail and then delete all copies of this message and any 
> attachments.
> 
> 
> In addition you should be aware that ordinary (unencrypted) 
> e-mail sent 
> through the Internet is not secure. Do not send confidential 
> or sensitive 
> information, such as social security numbers, account 
> numbers, personal 
> identification numbers and passwords, to us via ordinary 
> (unencrypted) 
> e-mail. 
> 

Mime
View raw message