tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <>
Subject Re: svn commit: r544137 - /tomcat/connectors/trunk/jk/native/common/jk_uri_worker_map.c
Date Wed, 06 Jun 2007 12:03:17 GMT
Mark Thomas wrote:
>> Did I mention that uri is *not* decoded twice?
> You did and I still don't agree. The root cause of CVE-2007-1860 was a
> double decoding. Once in httpd/mod_jk and once in Tomcat.

Why do you don't agree?
Please provide a use case and confirm your statements are


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message