Hi,
We have Apache Tomcat 0.0.73 installed on a Windows Server 2019 o/s which
has a Request Smuggling vulnerability being reported in a BURP scan.
Here Tomcat documentation reports Request Smuggling has been fixed in 9.0.68,
so we don't understand why it would still be reported using 9.0.73.

Without knowing which vulnerability is being tested for and how the
vulnerability is being tested for I don't think anyone here will be able
to help.
A (cleartext) tcpdump of the associated request(s) and response(s) would
also be helpful.
Mark
On 05/07/2023 17:51, James Boggs wrote:
Hi,

Jon,
On 6/30/23 17:21, jonmcalexan...@wellsfargo.com.INVALID wrote:
Hi Chris and Rainer,
Just want to add my .02 worth. Having the ability to "Drain" hosts in a Proxy
configuration would be an awesome boon so you could gracefully take down a "node" for
maintenance, or even just a restart. The

Martin,
On 7/3/23 04:47, Martin Knoblauch wrote:
On 6/29/23 17:06, Rainer Jung wrote:
Since I try to push people into mod_proxy, I am hesitant to implement
more and more features which keep people from switching ;)
Hi Rainer,
so, what do you suggest for the mod_jk retirement?
mod_proxy

Hello,
I was sent this information, I hope this meets your expectations.
-
Request 1
GET / HTTP/1.1
Host: rplans.army.mil
Accept-Encoding: gzip, deflate
Accept:
text/html,application/xhtml+xml,application/xml

We've been seeing problems with failed requests where the response comes back
with duplicate chunked encoding headers:
[Response]
HTTP/1.1 200
Strict-Transport-Security: max-age=86400; includeSubDomains;
Cache-Control: no-cache,no-store
isAuthenticated: true
X-FRAME-OPTIONS: SAMEORIGIN
Transfer-

Hi,
Don't forget to submit talks ASAP to:
https://communityovercode.org/call-for-presentations/
there is a tomcat and httpd track for us.
Cheers
Jean-Frederic
Forwarded Message
Subject: Final Reminder: Community Over Code call for presentations
closing soon
Date: Wed, 28 J