its ok James :) Von meinem iPhone 5 gesendet
> Am 23 yan, 2014 um 21:08 schrieb "James Peach" <jpe...@apache.org>: > >> On Jan 23, 2014, at 1:11 AM, Bahram Akhundov <deutsch1...@hotmail.de> wrote: >> >> Hi Marcelo. >> I have found bug :) >> If traffic server the latest version installed (4.1.2) , i can XSS and SQL >> injection make :) >> The latest version have vuln :) >> I will ddos onw eb site, then the traffic server will caching the web site, >> in this time i will read from SQL injection the mysql admin pass :) >> I says the latest version have bug :) >> This bug is the traffic server geve me allow to run XSS or SQL injection :) >> I wait from you reply... > > If you believe you have found a security issue, please read > http://apache.org/security/, and report it to the Apache Security Team, > secur...@apache.org. > > thanks, > James
