In reference to the recent vulnerability disclosure in mod_jk 1.2: http://online.securityfocus.com/archive/1/302169/2002-12-02/2002-12-08/0
Only Tomcat 4.X is mentioned as an affected system; however, reading the description of the flaw makes me believe that it shouldn't matter what the tomcat version is... mod_jk is mishandling the communication. We have Tomcat 3.3.1 / Apache 1.3.x deployed corporate-wide, can anybody confirm whether this vulnerability exists with Tomcat 3.3.x using mod_jk 1.2? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
