Thanks a lot for the clear explanation, Mark. I have all my questions
answered, appreciate your help & you guys are Great!
My apologies for the previous follow-up emails, I am still a novice in
tomcat & failed in understanding the exact fix quicker.
regards
Harish Krishnan
On Wed, Mar 16, 2016 a
On 15/03/2016 20:58, Harish Krishnan wrote:
> Hello There,
>
> I am kind of blocked here in my project while applying your CVE fix in our
> product & verify the fix. Any guidelines on what i am doing (mentioned in
> my previous email) wrong is highly appreciated.
You are failing to follow the hi
Hello There,
I am kind of blocked here in my project while applying your CVE fix in our
product & verify the fix. Any guidelines on what i am doing (mentioned in
my previous email) wrong is highly appreciated.
All i am trying to do is, disable the redirect for the root (Ex: /manager &
/examples i
Any help on my previous question is really appreciated.
Thank You!
On Fri, Mar 11, 2016 at 4:05 PM, Harish Krishnan
wrote:
> Thanks again for the reply, Chris & Violeta!
> Thanks for clarifying what the "protected directory" is, even i guessed it
> to be same. Now i understood the fix for the di
Thanks again for the reply, Chris & Violeta!
Thanks for clarifying what the "protected directory" is, even i guessed it
to be same. Now i understood the fix for the directories protected by a
security constraint. I also verified this & the redirect is no more
happening for these protected ones. Rea
Harish,
On 3/8/16 5:47 PM, Harish Krishnan wrote:
> Thanks Chris for the reply.
> Looks like my understanding of the fix is incorrect.
> I assumed (my bad) that, with the fix for this CVE in place (tomcat
> 7.0.68) + setting the additional context attribute
> (mapperContextRootRedirectEnabled="fal
Hi Harish,
2016-03-09 0:47 GMT+02:00 Harish Krishnan :
>
> Thanks Chris for the reply.
> Looks like my understanding of the fix is incorrect.
> I assumed (my bad) that, with the fix for this CVE in place (tomcat
> 7.0.68) + setting the additional context attribute
> (mapperContextRootRedirectEnabl
Thanks Chris for the reply.
Looks like my understanding of the fix is incorrect.
I assumed (my bad) that, with the fix for this CVE in place (tomcat
7.0.68) + setting the additional context attribute
(mapperContextRootRedirectEnabled="false"), all the redirects for that
webapp where context attribu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Harish,
On 3/7/16 6:02 PM, Harish Krishnan wrote:
> Unfortunately, i still could not verify this vulnerability as it
> still appears not fixed & my requests get redirected.
What makes you think that the requests should not be redirected?
> Instead o
Thanks for the reply, Mark.
Unfortunately, i still could not verify this vulnerability as it still
appears not fixed & my requests get redirected.
Instead of using the manager webapp that comes default in tomcat, we
created a sample webapp with the following security constraint -
he
On 07/03/2016 20:23, Harish Krishnan wrote:
> Hi There,
>
> I am verifying the fix that you made for CVE-2015-5345 & it appears to be
> not fixed. I might be doing something wrong & hence sending out this email
> to you.
> All i did was,
> a) Downloaded & installed the latest tomcat build 7.0.68.
Hi There,
I am verifying the fix that you made for CVE-2015-5345 & it appears to be
not fixed. I might be doing something wrong & hence sending out this email
to you.
All i did was,
a) Downloaded & installed the latest tomcat build 7.0.68.
b) Added the following context attribute to manager webap
12 matches
Mail list logo
