https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
--- Comment #6 from muthukumar ---
OK, we whitelisted those paths. But we want a proper solution. Is whitelisting a
proper solution? Please explain CVE-2008-5515 to me.
--
You are receiving this mail because:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #6 from Violeta Georgieva ---
(In reply to Scott Nicklous from comment #5)
> I know what you mean and agree with you.
>
> From Tomcat's point of view, the Pluto portal is an application. However, Pluto
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #5 from Scott Nicklous ---
I know what you mean and agree with you.
From Tomcat's point of view, the Pluto portal is an application. However, Pluto
itself hosts portlet applications that may come from
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
--- Comment #5 from Christopher Schultz ---
(In reply to Violeta Georgieva from comment #4)
> Fix your application.
Correct. The path-traversal vulnerability has been introduced by your own
application, not by
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #4 from Remy Maucherat ---
The question is really about the cases where complete should be called for the
application (which didn't call it although it should have).
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #3 from Scott Nicklous ---
Hi Violeta and Remy,
thank you very much for having a look at this so quickly (and thank you, Remy
for fixing 59213 so promptly!). The example servlets I provided were for the
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247
--- Comment #2 from Coty Sutherland ---
Created attachment 33709
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33709=edit
java.security.debug stack trace
I forgot to include the stack trace in the previous
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247
--- Comment #1 from Coty Sutherland ---
Created attachment 33708
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33708=edit
More files from testing
In this attachment I've included the catalina.out logs from the
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247
Bug ID: 59247
Summary: Using the IBM JDK with the security manager results in
java.lang.RuntimePermission warning
Product: Tomcat 8
Version: 8.0.32
Hardware: PC
Author: markt
Date: Tue Mar 29 12:32:25 2016
New Revision: 1737002
URL: http://svn.apache.org/viewvc?rev=1737002=rev
Log:
Try and improve the wording and better differentiate between getting help how
to use Tomcat and help how to use the mailing lists
Modified:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
Violeta Georgieva changed:
What|Removed |Added
Status|REOPENED|RESOLVED
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
--- Comment #3 from muthukumar ---
Think about my scenario. It is possible to make a path traversal attack. It must be a
security issue?
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
muthukumar changed:
What|Removed |Added
Status|RESOLVED|REOPENED
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
Violeta Georgieva changed:
What|Removed |Added
Status|NEW |RESOLVED
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
Bug ID: 59243
Summary: Path traversal Attack
Product: Tomcat 7
Version: 7.0.67
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
https://bz.apache.org/bugzilla/show_bug.cgi?id=58433
Thomas Raehalme changed:
What|Removed |Added
CC|
[
https://issues.apache.org/jira/browse/MTOMCAT-211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15215546#comment-15215546
]
Magnus Skoglund commented on MTOMCAT-211:
-
What are the plans for a release 2.3 of