https://bz.apache.org/bugzilla/show_bug.cgi?id=66032
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
I have confirmed that CVE-2018-11784 is fixed in Tomcat 8.5.61 and is still
present in 8.5.33 (built from source and retested the original reproducer).
If you can reproduce this issue on a clean installation of Apache Tomcat from
the ASF using a version that CVE-2018-11784 states contains the fix then you
should report that PRIVATELY to secur...@tomcat.apache.org and include the full
set of steps to recreate the issue from a clean install.
Note: CVE-2018-11784 can be reproduced with a clean Tomcat installation and
telnet. No additional configuration or web applications are required.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
