https://bz.apache.org/bugzilla/show_bug.cgi?id=69762
--- Comment #1 from Mark Thomas <ma...@apache.org> --- Please don't report potential security issues to the public bug tracker. Instructions for correctly reporting security vulnerabilities can be found at: https://tomcat.apache.org/security.html The Tomcat security team does not believe the issue described is possible since the index is only ever used to read from the dynamic header table rather than insert into it. Therefore, the tables will not become desynchronized. This is a bug although one that is very unlikely to occur in normal usage. The bug will be fixed for the August releases. If you believe you have identified other ways to exploit this behaviour that do have security consequences then please report that as per the link above. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
