From: Martin Gainty
To: Tomcat Users List
Subject: RE: redirection
Date: Wed, 1 Apr 2009 12:53:21 -0400

Gregor can you elucidate any documented security holes in Apache HTTPD?

Martin

> Date: Wed, 1 Apr 2009 17:31:34 +0200
> Subject: Re: redirection
> From: rc46fi@googlemail.com
> To: users@tomcat.apache.org
>
> Peter,
>
> On Wed, Apr 1, 2009 at 4:58 PM, Peter Crowther wrote:
>
> > And, indeed, *assuming* that Apache + mod_security + mod_jk + Tomcat has fewer vulnerabilities than just Tomcat.
> >
> > I'd also be very interested to see the evidence (either way) on that.
> >
> See, I believe in the statement that the more components you're adding
> to an environment, the more possibilities there are for a
> security-hole.
> However, to believe is not to know...
>
> However, when I check full-disclosure and other security-lists, I see
> few issues referring to Tomcat, but I see quite some issues referring
> to HTTPD and its modules.
>
> I guess if you're once able to break HTTPD and found your way into the
> box, harm is on its way. I further /believe/ that from this point it
> makes sense to use as few components as possible.
>
> Anyhow, that's what I believe, not what I know.
>
> Cheers
>
> Gregor
> --
> just because you're paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available
> @ http://pgpkeys.pca.dfn.de:11371
> @ http://pgp.mit.edu:11371/