Got it.
I appreciate your clarification, Christopher. I will keep my posts clear and easy to
understand. :)
On Fri, Sep 24, 2010 at 9:56 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Viola,
>
> On 9/22/2010 11:29 PM, viola lu wrote:
> > than
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Viola,
On 9/22/2010 11:29 PM, viola lu wrote:
> Thanks. I tried it on Tomcat 6.0.26 and 6.0.29, it worked for the second
> one, I can get correct response headers on Tomcat 6.0.26 and Tomcat 6.0.29:
> tomcat 6.0.26
What is "the first one" and "the s
After debugging into the Tomcat source code, I found that if Transfer-Encoding is set
to 'buffered', Tomcat 6.0.26 will report a null pointer exception in the buffered
filter recycle, but Tomcat 6.0.29 directly reports a 501 error. But I am not
sure how attackers obtain sensitive information via a crafted header?
Thanks. I tried it on Tomcat 6.0.26 and 6.0.29, it worked for the second
one, I can get correct response headers on Tomcat 6.0.26 and Tomcat 6.0.29:
tomcat 6.0.26
suse10sp268:~ # wget -S -O - --post-data='test send post'
http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor
--07:21:33-- h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Viola,
On 9/21/2010 10:13 PM, viola lu wrote:
> Here is my client:
[snip]
Note that your client can be replaced by this one-liner:
$ wget -S -O - --header='Transfer-Encoding: unsupported' \
--post-data='test send post' \
http://localh
On 21/09/2010 19:13, viola lu wrote:
> Can someone give some hints?
Take a look at the security pages.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apach
Hi,
From the Tomcat 6.0.28 fix list:
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.28,
there are two security vulnerabilities fixed, but I have no idea how to
trigger these flaws in Tomcat 6.0.27 and what the failure should be after
several trial
for example the first one:*Remo