Mark Thomas wrote:
Did I mention that uri is *not* decoded twice?You did and I still don't agree. The root cause of CVE-2007-1860 was a double decoding. Once in httpd/mod_jk and once in Tomcat.
Why do you don't agree? Please provide a use case and confirm your statements are legitimate. Regards, Mladen. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
