On 11 November 2015 at 14:44, Christopher Schultz < ch...@christopherschultz.net> wrote:
> Tomcat could potentially be > used as an attack vector against a system by someone with write-access > to the part of the filesystem where Tomcat stores its serialized session > objects during a restart > if you already can do that... then i think there are other problems first ;) -- Johan Compagner Servoy
