tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 51698] ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?
Date Fri, 02 Sep 2011 10:35:50 GMT

--- Comment #3 from Edward Quick <> 2011-09-02 10:35:50 UTC ---
Hi there, I was testing this out to see if my site was vulnerable and got the
following results. I'm not sure looking at the code comments in if the output below means it's vulnerable and
what exactly that exploited. Could you help me out a bit please?


C:>java -cp . ForwardRequestForgeryExample
Sending AJP Forward-Request Packet...

$ tail -f catalina.out
Invoke HelloWorldExample.doPost method:
LocalPort: 999
woo: I am here
