Thanks Mike for your help,
We are Third party tool called Code insight.
--
Sent from: http://apache-geronimo.328035.n3.nabble.com/Users-f328036.html
Btw, which tool are you using to scan for security problems? We should report
this to the tool vendor.
txs and LieGrue,
strub
> Am 02.07.2018 um 08:54 schrieb Mark Struberg :
>
> Ohh, that's really a false positive :(
>
> From the CVE-2011-5034:
>
>> Apache Geronimo 2.2.1 and earlier
Ohh, that's really a false positive :(
From the CVE-2011-5034:
> Apache Geronimo 2.2.1 and earlier computes hash values for form parameters
> without restricting
This only affects the Apache Geronimo Application Server - which is now retired
btw.
And there it affects HTTP post parameter
No, There is no class mentioned in the report.
Report just says as below Apache activeMQ has these jars and this may lead
to hash collisions.
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters
without restricting the ability to trigger hash collisions predictably,
which
Hi Munna!
Do you have an example code? Classname, method and line number would really
help!
Not quite sure where there would be a hash collision.
txs and LieGrue,
strub
> Am 01.07.2018 um 14:13 schrieb Munna :
>
> Hi,
>
> We are using Apache-activemq-5.13 version.This version contains