https://bz.apache.org/bugzilla/show_bug.cgi?id=62844
Remy Maucherat <r...@apache.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID OS| |All --- Comment #3 from Remy Maucherat <r...@apache.org> --- You MUST report potential security issues to security @ tomcat.apache.org, never in a public BZ. There is no vulnerability here however, the CGI servlet does not do anything with the path suffix (or file extension), if will simply attempt to execute any path mapped to it. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org