[Bug 62844] Tomcat CGI suffix name arbitrary resolution vulnerability

bugzilla Mon, 22 Oct 2018 03:42:58 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=62844


Remy Maucherat <r...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
                 OS|                            |All

--- Comment #3 from Remy Maucherat <r...@apache.org> ---
You MUST report potential security issues to security @ tomcat.apache.org,
never in a public BZ.

There is no vulnerability here however, the CGI servlet does not do anything
with the path suffix (or file extension), if will simply attempt to execute any
path mapped to it.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 62844] Tomcat CGI suffix name arbitrary resolution vulnerability

Reply via email to