Re: [SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service

2024-09-27 Thread Amarendra Godbole
On Mon, Sep 23, 2024 at 5:54 AM Mark Thomas wrote:
>
> CVE-2024-38286 Apache Tomcat - Denial of Service
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> Apache Tomcat 11.0.0-M1 to 11.0.0-M20
> Apache Tomcat 10.1.0-M1 to 10.1.24
> Apache Tomcat 9.0.13 to 9

Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence

2020-05-27 Thread amarendra godbole
s/PersistenceManager/PersistentManager/g
Is that a typo? Thanks.
-ag
On Wed, May 20, 2020 at 8:19 AM Mark Thomas wrote:
>
> CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence
>
> Severity: High
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> Apache To

Revision 1601333 - Fix for CVE-2014-0227

2015-02-13 Thread Amarendra Godbole
Hello, This is my first post, and thank you to the Apache team for bringing us Tomcat. Your hard work is greatly appreciated! I have a query about the fix for the request smuggling issue (CVE-2014-0227) -- when I inspected revision 1601333, I fail to understand what the fix is, since all the patch seems to