Date: Fri, 11 Feb 2011 00:03:59 +0100
Subject: CVE-2010-4476 - is it fixed or not?
From: Leon Rosenberg
To: Tomcat Users List

Hi,

short question, I read in the http://tomcat.apache.org/security-6.html that a possible DoS attack vulnerability has been fixed in Request class.
Does that mean that CVE-2010-4476 is
a) not an issue with 6.0.32++
b) not an issue unless the app uses Double.parseDouble
c) probably not an issue in Tomcat, at least until someone finds out it is.

regards
Leon