tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)
Date Wed, 04 Jun 2008 00:40:47 GMT

Annony Mouse wrote:
> Thank you very much for the fast and detailed response. It is very
> reassuring to understand how the attack would actually work, and even
> better that it is more limited in scope than I had feared.
> 
> 
> 
> On 6/3/08, Mark Thomas <markt@apache.org> wrote:
> 
>>> 7.) Communications failure can only mean one thing...
>>>
> 
> Oops. Sorry. Star wars quote (accidentally mis-quoted) to lighten the
> tone failed.
> "A communications disruption can mean only one thing: invasion!"

Sorry - I thought there was something about it but couldn't see what it 
was. I should have seen that one. In my defence it is late in the UK ;)

> I find the system to work very well indeed, and my thanks to all at
> Tomcat and Apache for this as well.  As one post I saw mentioned: if
> Tomcat had a truly significant security flaw, this users group would
> be awash with hundreds of requests for clarification in moments.
> 
> Thanks again
You're welcome.

Mark
|

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message