The best description I have seen is at <http://www.securityfocus.com/bid/2518>. That's Bugtraq ID 2518. I was using Tomcat 3.2.1 on UNIX systems, and it had the bug. I have updated to Tomcat 3.2.2b2, and the bug is gone there. I am using Tomcat directly, not through Apache. I do not know whether those using Tomcat through Apache have a vulnerability. Mike
- Security Problem with Tomcat davea
- Mike Spreitzer
