Aw: Re: Re: Fix for CVE-2020-1938

2020-03-10 Thread Jürgen Göres
w about "*" to get back the old behavior?   Regards   J       > Sent: Thursday, 05 March 2020 at 09:34 > From: "Mark Thomas" > To: users@tomcat.apache.org > Subject: Re: Aw: Re: Fix for CVE-2020-1938 > On 05/03/2020 07:12, "Jürgen Göres"

Aw: Re: Fix for CVE-2020-1938

2020-03-04 Thread Jürgen Göres
> > Ghostcat is the name of a malware strain that has been around since at > least October last year. When referencing vulnerabilities it is best to > stick to the CVE reference since they should be unique (and if something > goes wrong and they aren't there are procedures to get them re-issued so

Aw: Re: Fix for the Ghostcat vulnerability

2020-03-04 Thread Jürgen Göres
Hi,   >> If it is, what is the recommended mitigation? We consider using the >> "secret" feature (the filtering by request attributes is infeasible >> for us), but that would be a bit of effort and we are in a hurry. >> > > We're in the same position as you. External web servers talking to

Fix for the Ghostcat vulnerability

2020-03-04 Thread Jürgen Göres
Hi,   we are using Tomcat 9.0.x and 8.5.x in our stack. We make use of the AJP protocol since we use Apache HTTPD as reverse proxy and found it to be mostly hassle-free over the last few years, so we would like to continue using it. Since the HTTPD and the Tomcats are in general not on the same