Thank you very much for the fast and detailed response. It is very
reassuring to understand how the attack would actually work, and even
better that it is more limited in scope than I had feared.

On 6/3/08, Mark Thomas <[EMAIL PROTECTED]> wrote:
>
> > 7.) Communications failure can only mean on
In the process of documenting potential security vulnerabilities in
our product we have found that one of our releases is using a version
of Tomcat which is susceptible to CVE-2007-5333, a session hijacking
attack marked as low severity. Being a released product, we cannot
update the Tomcat insta