Jeff Genender wrote:
Since Tomcat claims to fix this in v5.5.7, we may have to implement the
tactical solution in our apps till we move to Tomcat 5.5.7.
We currently use 5.5.9, so I would assume this has been tended to. Has
anybody examined this to be the case (or not)?
Ran a quick test with various levels of Tomcat. The vulnerability was
fixed in Tomcat 5.5.7 though seems to have reared its head again in
Tomcat 5.5.9 and 5.5.12.
Jeff, are you planning to pursue with the Tomcat folks or do I need to
post to their user mailing list?
Thanks
-Dave-