Re: [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability

2009-03-09 Thread Mark Thomas
nambo.k...@oss.ntt.co.jp wrote:
> BTW I've found a typo in the security reports.
> http://tomcat.apache.org/security-5.html
> http://tomcat.apache.org/security-4.html
> low: Information disclosure CVE-2008-4308
> Bug 40711 may result in the disclosure of POSTed .
>
> 40711 -> 407

Re: [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability

2009-03-09 Thread nambo . kazu
From: ma...@apache.org
Subject: Re: [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability
Date: Thu, 05 Mar 2009 12:45:10 +0100

> nambo.k...@oss.ntt.co.jp wrote:
> > Hi, Mark.
> >
> >> The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affec

Re: [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability

2009-03-05 Thread Mark Thomas
nambo.k...@oss.ntt.co.jp wrote:
> Hi, Mark.
>
>> The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected
> I checked Tomcat 5.0.x source code and I've found that
> org.apache.coyote.http11.filters.SavedRequestInputFilter is NOT included.
> Does this mean Tomcat 5.0.x is not affe

Re: [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability

2009-03-05 Thread nambo . kazu
Hi, Mark.

> The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected

I checked Tomcat 5.0.x source code and I've found that
org.apache.coyote.http11.filters.SavedRequestInputFilter is NOT included.
Does this mean Tomcat 5.0.x is not affected by this vulnerability?
Advice, please