From: "Costin Manolache"
Reply-To: costin@apache.org
To: "Tomcat Developers List"
Date: Mon, 22 Oct 2007 10:35:31 -0700
Subject: Re: [Fwd: [Security] - **Updated** Important vulnerability disclosed in Apache Tomcat webdav servlet]

What is apache doing? Better be consistent, both sides (log or no log) have
value.

(log - good to know it's happening, no-log - don't want to fill the logs
with garbage if they do it from lots of machines / drones)

Costin
What is

On 10/21/07, Rémy Maucherat <remm@apache.org> wrote:
>
> On Sat, 2007-10-20 at 23:04 -0400, Mark Thomas wrote:
> > The mitigations available are:
> > - Disable write access until a fixed version is released
> > - Limit write access to trusted users
> > - Apply the following patch which will be included in the next
> > releases of 6.0.x, 5.5.x and 4.1.x
>
> Since it's an obvious hacking attempt, I chose to use this method
> instead:
>             documentBuilder.setEntityResolver
>                 (new EntityResolver() {
>                     public InputSource resolveEntity(String publicId, String systemId)
>                         throws SAXException, IOException {
>                         return new InputSource(new StringReader(""));
>                     }
>                 });
>
> -> no logging, replace with blank text (I was using an ISE right before
> instead of an input source, but there's no real justification)
>
> Rémy
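
The blank-text resolver quoted in this message, together with one middle ground for the log / no-log question, as an added example that is not part of the thread or of Tomcat's code. The class name, the counter, the power-of-two logging rule and the request body are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicLong;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;

public class BlankEntityResolverDemo {
    // Hypothetical counter: keeps the attempts visible without one log line each.
    static final AtomicLong BLOCKED = new AtomicLong();

    static DocumentBuilder newBuilder() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        builder.setEntityResolver(new EntityResolver() {
            @Override
            public InputSource resolveEntity(String publicId, String systemId) {
                long n = BLOCKED.incrementAndGet();
                // Log only on attempts 1, 2, 4, 8, ... so many clients cannot flood the log.
                // The request-supplied systemId is deliberately not written to the log.
                if (Long.bitCount(n) == 1) {
                    System.err.println("external entity reference blanked, total so far: " + n);
                }
                // Same behaviour as the quoted code: the entity expands to empty text.
                return new InputSource(new StringReader(""));
            }
        });
        return builder;
    }

    public static void main(String[] args) throws Exception {
        // Constructed WebDAV-style body; the system identifier is a placeholder, not a real path.
        String body = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE propertyupdate [<!ENTITY ext SYSTEM \"file:///placeholder/not-a-real-file\">]>\n"
            + "<D:propertyupdate xmlns:D=\"DAV:\"><D:set><D:prop>"
            + "<D:displayname>&ext;</D:displayname>"
            + "</D:prop></D:set></D:propertyupdate>";
        Document doc = newBuilder().parse(
            new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8)));
        String value = doc.getElementsByTagNameNS("DAV:", "displayname")
            .item(0).getTextContent();
        // The placeholder is never opened: the resolver supplied empty content instead.
        System.out.println("displayname=[" + value + "] blocked=" + BLOCKED.get());
    }
}
```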