Howdy,

>No. I've not been able to isolate the bug well enough to reproduce it, so
>there's nothing to test with. I have only observed the vulnerability in our
>current production server.  I've since disabled access for the IP range
>that was generating the problematic http requests.

Fair enough ;)  If you have spare time and/or a test server, consider
trying a later Tomcat version such as 4.1.29 or 5.0.18.  You can
probably use JMeter to simulate some/most of the HTTP request headers
from your problematic clients.

Yoav Shapira


