Re: [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

2011-02-08 Thread Christopher Schultz
All,

On 2/8/2011 5:32 PM, Christopher Schultz wrote:
> All,
>
> On 2/4/2011 9:05 PM, Mark Thomas wrote:
>> All users are recommended to upgrade to a Tomcat version with the
>> work-around. Users unable to upgrade can filter malicious requests via a
>

Re: [SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

2011-02-08 Thread Christopher Schultz
All,

On 2/4/2011 9:05 PM, Mark Thomas wrote:
> All users are recommended to upgrade to a Tomcat version with the
> work-around. Users unable to upgrade can filter malicious requests via a
> Servlet filter, an httpd re-write rule (if Tomcat is behind a

[SECURITY] Oracle JVM bug causes denial of service in Apache Tomcat

2011-02-04 Thread Mark Thomas
The original report is [1]. Tomcat is affected when accessing a form based security constrained page or any page that calls javax.servlet.ServletRequest.getLocale() or javax.servlet.ServletRequest.getLocales(). Work-arounds have been implemented in