On Jan 23, 2014, at 1:11 AM, Bahram Akhundov <deutsch1...@hotmail.de> wrote:
> Hi Marcelo. > I have found bug :) > If traffic server the latest version installed (4.1.2) , i can XSS and SQL > injection make :) > The latest version have vuln :) > I will ddos onw eb site, then the traffic server will caching the web site, > in this time i will read from SQL injection the mysql admin pass :) > I says the latest version have bug :) > This bug is the traffic server geve me allow to run XSS or SQL injection :) > I wait from you reply... > If you believe you have found a security issue, please read http://apache.org/security/, and report it to the Apache Security Team, secur...@apache.org. thanks, James
