tomcat-users mailing list archives

From Michael McCutcheon <michael.mccutch...@att.net>
Subject Re: [SECURITY] CVE-2011-1582 Apache Tomcat security constraint bypass
Date Fri, 20 May 2011 07:02:27 GMT
On 5/17/2011 5:46 AM, Mark Thomas wrote:
> CVE-2011-1582 Apache Tomcat security constraint bypass
>
> Description:
> An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that
> security constraints configured via annotations were ignored on the
> first request to a Servlet. Subsequent requests were secured correctly.

I had seen this exact behavior myself and was not sure if it was a bug 
in my code or not.

Anyway, glad it's fixed!

Keep up the good work.

-Mike



