tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Annony Mouse" <>
Subject Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)
Date Wed, 04 Jun 2008 00:27:48 GMT
Thank you very much for the fast and detailed response. It is very
reassuring to understand how the attack would actually work, and even
better that it is more limited in scope than I had feared.

On 6/3/08, Mark Thomas <> wrote:

> > 7.) Communications failure can only mean one thing...
> >

Oops. Sorry. Star wars quote (accidentally mis-quoted) to lighten the
tone failed.
"A communications disruption can mean only one thing: invasion!"

I find the system to work very well indeed, and my thanks to all at
Tomcat and Apache for this as well.  As one post I saw mentioned: if
Tomcat had a truly significant security flaw, this users group would
be awash with hundreds of requests for clarification in moments.

Thanks again

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message