it as a "cosmetic imperfection" and maybe ask also the
burpsuite-team if this finding is justified.
I wish all a nice weekend!
Thomas
> -Ursprüngliche Nachricht-
> Von: Roberto Benedetti
> Gesendet: Samstag, 16. September 2023 11:46
> An: Tomcat Users List
> Betreff: R:
, the other
security options are left to Tomcat.
We had the same issue and that's how we passed the pen-test.
Roberto
-Messaggio originale-
Da: Peter Kreuser
Inviato: venerdì 15 settembre 2023 21:34
A: Tomcat Users List
Oggetto: Re: HSTS on 401 / error pages
CAUTION - This e-mail
; -Ursprüngliche Nachricht-
>> Von: Christopher Schultz
>> Gesendet: Freitag, 15. September 2023 17:15
>> An: users@tomcat.apache.org
>> Betreff: Re: AW: HSTS on 401 / error pages
>>
>> Thomas,
>>
>>> On 9/14/23 10:03, Thomas Hoffmann
Hello Christ,
> -Ursprüngliche Nachricht-
> Von: Christopher Schultz
> Gesendet: Freitag, 15. September 2023 17:15
> An: users@tomcat.apache.org
> Betreff: Re: AW: HSTS on 401 / error pages
>
> Thomas,
>
> On 9/14/23 10:03, Thomas Hoffmann (Speed4Trade G
Thomas,
On 9/14/23 10:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Hello Chris,
-Ursprüngliche Nachricht-
Von: Christopher Schultz
Gesendet: Donnerstag, 14. September 2023 15:26
An: users@tomcat.apache.org
Betreff: Re: HSTS on 401 / error pages
Thomas,
Please start a new thread
Hello Shawn,
> -Ursprüngliche Nachricht-
> Von: Shawn Heisey
> Gesendet: Freitag, 15. September 2023 03:56
> An: Tomcat Users List
> Betreff: Re: AW: HSTS on 401 / error pages
>
> On 9/14/23 08:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> > Sorry, I t
On 9/14/23 08:03, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Sorry, I thought removing all content and subject is sufficient. Maybe the
message-id header is used internally(?)
TL;DR: technical details about message threading. Not about Tomcat.
This is what happens when you reply to an
s,
>
>> -Ursprüngliche Nachricht-
>> Von: Christopher Schultz
>> Gesendet: Donnerstag, 14. September 2023 15:26
>> An: users@tomcat.apache.org
>> Betreff: Re: HSTS on 401 / error pages
>>
>> Thomas,
>>
>> Please start a new
Hello Chris,
> -Ursprüngliche Nachricht-
> Von: Christopher Schultz
> Gesendet: Donnerstag, 14. September 2023 15:26
> An: users@tomcat.apache.org
> Betreff: Re: HSTS on 401 / error pages
>
> Thomas,
>
> Please start a new thread next time.
Sorry, I t
Thomas,
Please start a new thread next time.
On 9/14/23 02:20, Thomas Hoffmann (Speed4Trade GmbH) wrote:
Hello everyone,
I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat.
I configured HSTS in Tomcat and it works well.
When I do a pen-test with burpsuite it
Hello everyone,
I would like to get your opinion about the HttpHeaderSecurityFilter in Tomcat.
I configured HSTS in Tomcat and it works well.
When I do a pen-test with burpsuite it complains that HSTS header is missing on
401 responses.
I couldn’t find much information about whether HSTS makes
11 matches
Mail list logo