Posted to users@tomcat.apache.org by zach Li <za...@hotmail.com> on 2011/10/11 23:36:45 UTC

Rsecurity breach on tomcat 6.0.26

Hi, 
 
We are using Tomcat 6.0.26 to host a Java application, but recently we have been experiencing a security breach once or twice a week. The issue we are facing is: one user's screen (or input) is totally showing up on a different user's screen. Those screens have customer-sensitive information.
 
Has anyone had a similar experience? How should I trace and fix it?
 
Thanks for your help.
 
zach.

RE: Rsecurity breach on tomcat 6.0.26

Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: zach Li [mailto:zach-li@hotmail.com] 
> Subject: Rsecurity breach on tomcat 6.0.26

> one user screen (or input) totally showing up on the different user screen.

Your webapp is most likely storing references to the request or response objects in static or instance fields of a servlet (or possibly JSP), or less likely in thread-local variables.  Since a servlet or JSP can be handling many requests concurrently, this is a serious - but typical - logic error.  You'll need to examine your code.

 - Chuck
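
The pattern described in the reply above, shown next to a corrected form. This is an added example, not code from the thread or from the poster's application; the class names and the "name" request parameter are hypothetical, and it assumes the javax.servlet API that Tomcat 6 provides.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Constructed example. The container creates ONE instance of each servlet and
// calls doGet() on that instance from many request threads at the same time.
class LeakyAccountServlet extends HttpServlet {
    // BUG: instance fields are shared by every request in flight.
    private HttpServletRequest currentRequest;
    private String customerName;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        currentRequest = req;                                // request A stores itself
        customerName = currentRequest.getParameter("name");  // request B overwrites both
        resp.setContentType("text/plain");
        resp.getWriter().println(render());                  // A's response, B's data
    }

    private String render() {
        // Reads whatever the most recent request thread left in the field.
        return "Account details for " + customerName;
    }
}

// Corrected form: per-request state lives only in local variables and method
// parameters, so each request thread sees its own data.
class SafeAccountServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String customerName = req.getParameter("name");
        resp.setContentType("text/plain");
        resp.getWriter().println(render(customerName));
    }

    private static String render(String customerName) {
        return "Account details for " + customerName;
    }
}
```

The leak only appears when two requests overlap inside doGet(), which is consistent with a problem that shows up once or twice a week under load. When examining the code, look for non-final instance or static fields in servlets, filters and the helper objects they hold on to.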
 
