https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
--- Comment #6 from muthukumar ---
Ok We whitelisted that paths.. But we want a proper solution . Whitelisted is a
proper solution ? Please explain me the CVE 2008-5515
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #6 from Violeta Georgieva ---
(In reply to Scott Nicklous from comment #5)
> I know what you mean and agree with you.
>
> From Tomcat's point of view, the Pluto portal is an application. However,
> Pluto itself hosts portlet appli
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #5 from Scott Nicklous ---
I know what you mean and agree with you.
>From Tomcat's point of view, the Pluto portal is an application. However, Pluto
itself hosts portlet applications that may come from various sources. The
questio
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
--- Comment #5 from Christopher Schultz ---
(In reply to Violeta Georgieva from comment #4)
> Fix your application.
Correct. The path-traversal vulnerability has been introduced by your own
application, not by Tomcat.
One of the best ways to
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #4 from Remy Maucherat ---
The question is really about the cases where complete should be called for the
application (which didn't call it although it should have).
--
You are receiving this mail because:
You are the assignee for
https://bz.apache.org/bugzilla/show_bug.cgi?id=59220
--- Comment #3 from Scott Nicklous ---
Hi Violeta and Remy,
thank you very much for having a look at this so quickly (and thank you, Remy
for fixing 59213 so promptly!). The example servlets I provided were for the
purpose of reproducing the
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247
--- Comment #2 from Coty Sutherland ---
Created attachment 33709
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33709&action=edit
java.security.debug stack trace
I forgot to include the stack trace in the previous tarball.
--
You are
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247
--- Comment #1 from Coty Sutherland ---
Created attachment 33708
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33708&action=edit
More files from testing
In this attachment I've included the catalina.out logs from the tomcat8 tests
usi
https://bz.apache.org/bugzilla/show_bug.cgi?id=59247
Bug ID: 59247
Summary: Using the IBM JDK with the security manager results in
java.lang.RuntimePermission warning
Product: Tomcat 8
Version: 8.0.32
Hardware: PC
Author: markt
Date: Tue Mar 29 12:32:25 2016
New Revision: 1737002
URL: http://svn.apache.org/viewvc?rev=1737002&view=rev
Log:
Try and improve the wording and better differentiate between getting help how
to use Tomcat and help how to use the mailing lists
Modified:
tomcat/site/trunk/docs/li
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
Violeta Georgieva changed:
What|Removed |Added
Status|REOPENED|RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
--- Comment #3 from muthukumar ---
Think my scenario . It is possible to make path traversal attack . It must be a
security issue?
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
muthukumar changed:
What|Removed |Added
Status|RESOLVED|REOPENED
Resolution|INVALID
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
Violeta Georgieva changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=59243
Bug ID: 59243
Summary: Path traversal Attack
Product: Tomcat 7
Version: 7.0.67
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Pri
https://bz.apache.org/bugzilla/show_bug.cgi?id=58433
Thomas Raehalme changed:
What|Removed |Added
CC||tho...@raehalme.net
--
You are rece
16 matches
Mail list logo
