tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <mt...@apache.org>
Subject Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
Date Wed, 06 Jun 2007 12:03:17 GMT
Mark Thomas wrote:
> 
>> Did I mention that uri is *not* decoded twice?
> 
> You did and I still don't agree. The root cause of CVE-2007-1860 was a
> double decoding. Once in httpd/mod_jk and once in Tomcat.
>

Why do you don't agree?
Please provide a use case and confirm your statements are
legitimate.

Regards,
Mladen.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message