Le 23/11/2016 à 17:06, Arne Nordmark a écrit : > Yet another data point: > > I rebuilt 7.0.56-3+deb8u5 with CVE-2016-6797.patch deleted, and again > the problem goes away.
Would you be able to rebuild with this version of the ResourceLinkFactory class and see if it works better? https://raw.githubusercontent.com/apache/tomcat70/TOMCAT_7_0_73/java/org/apache/naming/factory/ResourceLinkFactory.java
