https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
--- Comment #3 from Edward Quick <edwardqu...@hotmail.com> 2011-09-02 10:35:50 UTC --- Hi there, I was testing this out to see if my site was vulnerable and got the following results. I'm not sure looking at the code comments in ForwardRequestForgeryExample.java if the output below means it's vulnerable and what exactly that exploited. Could you help me out a bit please? Thanks, Ed. C:>java -cp . ForwardRequestForgeryExample Sending AJP Forward-Request Packet... End $ tail -f catalina.out Invoke HelloWorldExample.doPost method: ------------------------------------------- Host: my.evil-site.com RemoteAddr: 1.2.3.4 LocalPort: 999 woo: I am here -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org