Summary: | False positive: Somebody try to hack into the site!!! | ||
---|---|---|---|
Product: | Tomcat Connectors | Reporter: | Arild Røkenes <arild.rokenes> |
Component: | isapi | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 1.2.42 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | All |
Description
Arild Røkenes
2017-02-18 19:56:20 UTC
I can confirm that the false positive is still present however I can't recreate the issue of the user being blocked until the filter is reloaded. This has been fixed in 1.2.x for 1.2.44 onwards. The check has essentially been removed from the ISAPI code as a) Tomcat performs the check any way and b) ISAPI can't perform the check correctly without knowledge of the current context path which it does not have. |