Hi Calder/Team,
I set the below flag to false, but it is still giving the same error.
I am using Apache HTTP Server (with AJP worker) and Tomcat configuration. Am
I missing something in the configuration? Please let me know.
Thanks and Regards,
Rajendra Rathore
9922701491
-Original
Hi Rémy and Mark,
Just want to say thank you for looking into this and it is much appreciated.
Regards
Jong
From: Rémy Maucherat
Sent: Wednesday, February 26, 2020 20:17
To: Tomcat Users List
Subject: Re: javax.servlet.ServletContainerInitializer defined in jar
On 24.02.2020 at 13:47, Mark Thomas wrote:
> CVE-2020-1938 AJP Request Injection and potential Remote Code Execution
>
> Severity: High
>
> ...
> - returning arbitrary files from anywhere in the web application
> including under the WEB-INF and META-INF directories or any other
> location
Alexander,
On 2/29/20 11:32, Alexander Curvers wrote:
> Hi, I know. That comment block was just an example; my real config
> has several host sections, none of them with commented blocks. I
> should have un-commented before I posted here on the
I hit a snag with the query string. In some cases it contains the
webapp base URI in a query parameter, such as:
/admin/acl/authorizations/?forClass=https%3A//localhost%3A5443/admin/ns%23Authorization
So I'm trying to rewrite those as well, from
https%3A//localhost%3A5443/ to