* Apologies for starting a new thread; I just subscribed.

Has anyone been able to make this exploit happen if requests are being
proxied to Mongrel through Apache?  I've been trying variations on the
double-encoding thing and can't trigger the exploit through Apache.
Hitting Mongrel directly does expose the problem.  

I'll still upgrade my servers, of course, but I don't want to send an
unnecessary "upgrade now" note to other folks...

Thanks,

Tom

_______________________________________________
Mongrel-users mailing list
Mongrel-users@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-users

Reply via email to