Well, I can only confirm TC 3.3.x using mod_jk 1.1, but this one is fine. As I understand this problem, it is entirely due to the previously reported problem with Apache handling Chunked-Encoding (fixed in Apache 1.3.27+). It isn't an independent problem with mod_jk.
"Jason Bruce" <[EMAIL PROTECTED]> wrote in message 001301c29d2c$121ede90$3d0e3e0a@win2k">news:001301c29d2c$121ede90$3d0e3e0a@win2k... > In reference to the recent vulnerability disclosure in mod_jk 1.2: > > http://online.securityfocus.com/archive/1/302169/2002-12-02/2002-12-08/0 > > Only Tomcat 4.X is mentioned as an affected system; however, reading the > description of the flaw makes me believe that it shouldn't matter what the > tomcat version is... mod_jk is mishandling the communication. We have > Tomcat 3.3.1 / Apache 1.3.x deployed corporate-wide, can anybody confirm > whether this vulnerability exists with Tomcat 3.3.x using mod_jk 1.2? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
