On 10/02/2011 23:03, Leon Rosenberg wrote:
Hi,
short question, I read in the http://tomcat.apache.org/security-6.html
that a possible DoS attack vulnerability has been fixed in Request
class.
Does that mean that CVE-2010-4476 is
a) not an issue with 6.0.32++
True. Also not an issue with
On 02/11/2011 10:42 AM, Mark Thomas wrote:
b) not an issue unless the app uses Double.parseDouble
False. As per the announcement sent to all the usual places:
quote
Tomcat is affected when accessing a form based security constrained
page or any page that calls
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leon,
On 2/10/2011 6:03 PM, Leon Rosenberg wrote:
short question, I read in the http://tomcat.apache.org/security-6.html
that a possible DoS attack vulnerability has been fixed in Request
class.
Does that mean that CVE-2010-4476 is
a) not an
Hi,
short question, I read in the http://tomcat.apache.org/security-6.html
that a possible DoS attack vulnerability has been fixed in Request
class.
Does that mean that CVE-2010-4476 is
a) not an issue with 6.0.32++
b) not an issue unless the app uses Double.parseDouble
c) probably not in issue