Re: [CVE-2008-2370] Apache Tomcat information disclosure vulnerability

2008-08-02 Thread Mark Thomas
William A. Rowe, Jr. wrote: Mark Thomas wrote: Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a

Re: [CVE-2008-2370] Apache Tomcat information disclosure vulnerability

2008-08-02 Thread William A. Rowe, Jr.
Mark Thomas wrote: What mitigations are you thinking of? The description is intended to be sufficient for a user to determine if they match the vulnerability conditions. And for this notice I believe it meets this criteria. In this case there is no way of configuring yourself away

Re: [CVE-2008-2370] Apache Tomcat information disclosure vulnerability

2008-08-01 Thread William A. Rowe, Jr.
Mark Thomas wrote: Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by