tomcat-users mailing list archives

From Rémy Maucherat
Subject Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
Date Thu, 04 Jun 2009 17:04:32 GMT
On Thu, Jun 4, 2009 at 6:48 PM, Christopher Schultz wrote:
> I don't see any information disclosure vulnerability in the first place,
> and I don't see how your patch would have fixed it.
> ??!

The behavior was different if the user is not found or if the password is wrong.
(ok, the security issue is not exactly very serious)
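
An added illustration, not part of the original message and not Tomcat's code: a generic credential check whose outcome differs for an unknown user versus a wrong password, beside a variant that does the same work and returns the same result in both cases. The class, method names, result strings and sample accounts are assumptions constructed for this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UniformLogin {
    record Account(byte[] salt, byte[] hash) {}

    static byte[] pbkdf2(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    static Account enroll(String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Account(salt, pbkdf2(password, salt));
    }

    // Weak: an unknown user takes a shorter path and yields a distinct outcome,
    // so a caller can tell "no such user" from "wrong password".
    static String weakLogin(Map<String, Account> users, String user, String pw) throws Exception {
        Account a = users.get(user);
        if (a == null) return "NO_SUCH_USER";
        return MessageDigest.isEqual(a.hash(), pbkdf2(pw, a.salt())) ? "OK" : "BAD_PASSWORD";
    }

    // Uniform: an unknown user is checked against a dummy account, so both
    // failure cases run the same hash computation and return the same result.
    static String uniformLogin(Map<String, Account> users, Account dummy,
                               String user, String pw) throws Exception {
        Account a = users.get(user);
        Account target = (a != null) ? a : dummy;
        boolean match = MessageDigest.isEqual(target.hash(), pbkdf2(pw, target.salt()));
        return (a != null && match) ? "OK" : "LOGIN_FAILED";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: one real account and one dummy record.
        Map<String, Account> users = Map.of("alice", enroll("correct horse"));
        Account dummy = enroll("unused-dummy-credential");
        System.out.println(weakLogin(users, "alice", "wrong"));            // BAD_PASSWORD
        System.out.println(weakLogin(users, "mallory", "wrong"));          // NO_SUCH_USER
        System.out.println(uniformLogin(users, dummy, "alice", "wrong"));   // LOGIN_FAILED
        System.out.println(uniformLogin(users, dummy, "mallory", "wrong")); // LOGIN_FAILED
    }
}
```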

