tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Strante tomcat warning - WARNING: Parameters: Character decoding failed. Parameter skipped.
Date Thu, 25 Oct 2007 02:46:28 GMT
Jacob Rhoden wrote:
> Mark Thomas wrote:
>> Jacob Rhoden wrote:
>>  
>>> This is as far as I got. Why would the browser be encoding its requests
>>> in anything other than base64.....
>>>     
>>
>> Are you using mod_jk? There is a config that could cause this.
>>   
> 
> We did not configure the server, our provider did.... I just checked and
> eek!! its using mod_jk2! I suspect that would be the reason.

mod_jk2!!! Are you sure. That module has been deprecated for several
years.

mod_jk2 may be manipulating the URI. You should be aware of
CVE-2007-1860 (see http://tomcat.apache.org/security-jk.html). In
short mod_jk URI handling created a few security holes. We didn't
check mod_jk2 for this issue.

For further reading, see
http://tomcat.apache.org/connectors-doc/reference/apache.html
particularly the ForwardURIxxx directives.

HTH,

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message