Mehrotra, Anurag wrote:
> Could there be some kind of backdoor entry happening in the code?

Unlikely. This is the sixth report like this I have seen. So far, we have
got to the bottom of two and in both cases the manager app was the route in.
Whilst a Tomcat flaw is possible (and check out CVE-2008-2938 in case it
applies to you - I just added it to http://tomcat.apache.org/security-6.html)
These events should be causing everyone to:
a) review their security settings carefully
b) make sure they have a plan as to how to react if a vulnerability looks
like it is going to affect them.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org