Mark Thomas wrote:
CVE-2014-0097 Information Disclosure
...
Description: The code used to parse the request content length header did not check for overflow in the result. This exposed a request smuggling vulnerability when Tomcat was located behind a reverse proxy that correctly processed the content length header.
I believe you, but I must admit that I don't really get what the problem is, here. If someone feels like explaining.. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org