HOWTO: the right way to configure security constraints to protect CGI scripts in web.xml

2025-04-08 Thread Justin Chen
Dear users and supporters,
Currently I have two CGI scripts:
1. "/cgi-bin/update" //an administrative command, required role="admin"
2. "/cgi-bin/updateOrder" //update order, required role="biz"
In order to protect the above endpoints via the web.xml security-constraints mechanism, what should I do? Rega

Re: HOWTO: the right way to configure security constraints to protect CGI scripts in web.xml

2025-04-09 Thread Justin Chen
From: Christopher Schultz
Sent: Thursday, April 10, 2025 2:22
To: users@tomcat.apache.org
Subject: Re: HOWTO: the right way to configure security constraints to protect CGI scripts in web.xml
Mark,
On 4/8/25 5:40 PM, Mark Thomas wrote:
> 8 Apr 2025 21:45:50 Ch

Re: HOWTO: the right way to configure security constraints to protect CGI scripts in web.xml

2025-04-08 Thread Justin Chen
Sent: Wednesday, April 9, 2025 5:40
To: Tomcat Users List
Subject: Re: HOWTO: the right way to configure security constraints to protect CGI scripts in web.xml
8 Apr 2025 21:45:50 Christopher Schultz:
> Justin,
>
> On 4/8/25 3:16 AM, Justin Chen wrote:
>> Dear users and supporters,

Problem when put a one-byte file partially

2025-04-14 Thread Justin Chen
Hi,
Main branch: Receive unexpected 400 for curl put with content-range header value "bytes 0-0/1" and -d c. PR submitted.
Regards, Chenjp

Re: [SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass

2025-05-30 Thread Justin Chen
Per original reports from Greg K, pathInfo is not the only weakness.
From: Mark Thomas
Sent: Friday, May 30, 2025 3:02
To: Tomcat Users List
Cc: annou...@apache.org; annou...@tomcat.apache.org; Tomcat Developers List
Subject: [SECURITY] CVE-2025-46701 Apa