tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Manico <...@manico.net>
Subject Re: Exploiting Tomcat
Date Thu, 14 Aug 2008 03:27:07 GMT
I can feel the love. Thanks for your constructive comment, William.

- Jim
> Jim Manico wrote:
>> This is a worthwhile post to read regarding path traversal attacks 
>> against tomcat.
>>
>> http://www.0x000000.com/?i=630
>
> Worthwhile?  To note the community frustration against Tomcat parsers?
> Must be what you meant since the author adds nothing.
>
> New information is always welcome.  Primary sources for the win;
>
> http://outian.org/tomcat.pdf
> https://issues.apache.org/bugzilla/show_bug.cgi?id=45417
> http://www.securityfocus.com/archive/1/495318/30/0/threaded
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>


-- 
Jim Manico, Senior Application Security Engineer
jim.manico@aspectsecurity.com | jim@manico.net
(301) 604-4882 (work)
(808) 652-3805 (cell)

Aspect Security™
Securing your applications at the source
http://www.aspectsecurity.com

---------------------------------------------------------------
Management, Developers, Security Professionals ...
... can only result in one thing. BETTER SECURITY.
http://www.owasp.org/index.php/OWASP_NYC_AppSec_2008_Conference  
Sept 22nd-25th 2008



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message