James,
On 2/2/23 12:38, James H. H. Lampert wrote:
That I was "shot down in flames" when I tried to get in from my
Chromebook, through the hotspot on my cell phone, makes it unlikely that
Tomcat is seeing a proxy IP, especially given that (as I understand it)
I would have had to authorize the
That I was "shot down in flames" when I tried to get in from my
Chromebook, through the hotspot on my cell phone, makes it unlikely that
Tomcat is seeing a proxy IP, especially given that (as I understand it)
I would have had to authorize the proxy IP to get in from my office IP,
and I have no
On 01/02/2023 21:51, James H. H. Lampert wrote:
On 2/1/23 12:06 PM, Mark Thomas wrote:
The pen tester requested "/app/..;/manager"
The proxy passed that as is to Tomcat since it starts with "/app"
Thanks.
As it happens, this particular customer was the first one in which I
tried putting the
On 2/1/23 12:06 PM, Mark Thomas wrote:
The pen tester requested "/app/..;/manager"
The proxy passed that as is to Tomcat since it starts with "/app"
Thanks.
As it happens, this particular customer was the first one in which I
tried putting the only IP addresses with any business accessing ma
On 01/02/2023 18:48, James H. H. Lampert wrote:
We got this from a customer who did a security scan:
A Tomcat Manager login panel was discovered via path normalization.
Normalizing a path involves modifying the string that identifies a
path or file so that it conforms to a valid path on the tar
We got this from a customer who did a security scan:
A Tomcat Manager login panel was discovered via path normalization.
Normalizing a path involves modifying the string that identifies a
path or file so that it conforms to a valid path on the target
operating system.
QID Detection Logic: This
