tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: %3B in path-info
Date Thu, 10 Apr 2008 23:58:49 GMT
Rémy Maucherat schrieb:
> On Fri, Apr 11, 2008 at 12:19 AM, Jess Holle <> wrote:
>>  Done. []
> Guys, you've been going crazy about a (known) security issue: CVE-2007-1860
> See
> Rémy


I know that we cleaned reencoding of forwarded URLs up in the context of 
the CVE and mod_jk. The semicolon wasn't involved in the CVE though and 
at that time it would have been easier, if the AJP connectors had 
resolved %3Bjsessionid (because then we wouldn't have needed a new JK 
forward option).



To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message