tomcat-users mailing list archives

From Martin Gainty <>
Subject RE: redirection
Date Wed, 01 Apr 2009 16:53:21 GMT


Can you elucidate any documented security holes in Apache HTTPD?


> Date: Wed, 1 Apr 2009 17:31:34 +0200
> Subject: Re: redirection
> From:
> To:
> Peter,
> On Wed, Apr 1, 2009 at 4:58 PM, Peter Crowther
> <> wrote:
> > And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat.
> >
> > I'd also be very interested to see the evidence (either way) on that.
> >
> See, I believe in the statement that the more components you're adding
> to an environment, the more possibilities there are for a
> security-hole. However, to believe is not to know...
> However, when I check full-disclosure and other security-lists, I see
> few issues referring to Tomcat, but I see quite some issues referring
> to HTTPD and its modules.
> I guess if you're once able to break HTTPD and found your way into the
> box, harm is on its way. I further /believe/ that from this point it
> makes sense to use as few components as possible.
> Anyhow, that's what I believe, not what I know.
> Cheers
> Gregor
> -- 
> just because you're paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available