You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/11/12 23:08:28 UTC
DO NOT REPLY [Bug 37480] New: -
Log forging possible
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=37480>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=37480
Summary: Log forging possible
Product: Tomcat 5
Version: 5.5.12
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P5
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: markt@apache.org
This issue was reported by Edward Lee via security@apache.org. After private
discussion amongst the Tomcat committers and the original reporter, it was
agreed that this issue could be made public.
The original message follows. The attachments will be attached to this bug report.
> Hi,
>
> In an audit for log forging issues, we discovered multiple
> vulnerabilities in Apache Tomcat 5.5.12. The attached PDF contains
> further details on these vulnerabilities. If you feel that any of our
> findings are in error or would like additional details concerning these
> vulnerabilities, please feel free to contact me at this email address.
>
> Please let us know if you would like us to follow any protocol that you
> have in regards to disclosing vulnerabilities to public forums.
>
> -Eddie
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org