DO NOT REPLY [Bug 51698] ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?

bugzilla Mon, 29 Aug 2011 12:46:23 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=51698


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Mark Thomas <ma...@apache.org> 2011-08-29 19:45:57 UTC ---
This issue has been allocated CVE-2011-3190.

The Tomcat security team strongly discourages the reporting of potential
security vulnerabilities via public channels such as this issue tracker.
Potential security vulnerabilities should be reported privately to
secur...@tomcat.apache.org

This issue has been fixed in trunk, 7.0.x, 6.0.x and 5.5.x and will be included
in 7.0.21, 6.0.34 and 5.5.34 onwards.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

DO NOT REPLY [Bug 51698] ajp CPing/Forward-Request packet forgery, is a design decision? or a security vulnerability?

Reply via email to