CVE-2005-2090
published 2005-07-05CVE-2005-2090: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection…
PriorityP428medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
29.78%
98.0th percentile
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Affected
174 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | <= 6.0.37 | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP Request Smuggling via simultaneous presence of 'Transfer-Encoding: chunked' header and a Content-Length header in the same request sent to Tomcat ↗
- →Detect requests containing multiple Content-Length headers, which should be rejected as invalid and indicate a smuggling/poisoning attempt ↗
- →Flag requests combining a Content-Length header with chunked transfer-encoding over HTTP or AJP connectors as potential smuggling attempts (incomplete fix vector) ↗
- ·Affected versions for the original CVE-2005-2090 include Tomcat 5.0.0–5.0.HEAD and 5.5.0–5.5.22; Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) are specifically named as vulnerable ↗
- ·Intermediate proxy/firewall/cache components in the request chain that do not reject malformed requests are a prerequisite for successful exploitation; the attack requires multiple components making different decisions about which Content-Length value to use ↗
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
ghsa4.3MEDIUM
osv4.3MEDIUM
vendor_apache4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Apache Tomcat is vulnerable to HTTP request-smuggling
ghsa·2022-05-14·CVSS 4.3
CVE-2013-4286 [MEDIUM] CWE-20 Apache Tomcat is vulnerable to HTTP request-smuggling
Apache Tomcat is vulnerable to HTTP request-smuggling
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
OSV
Apache Tomcat is vulnerable to HTTP request-smuggling
osv·2022-05-14·CVSS 4.3
CVE-2013-4286 [MEDIUM] Apache Tomcat is vulnerable to HTTP request-smuggling
Apache Tomcat is vulnerable to HTTP request-smuggling
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
OSV
Tomcat Vulnerable to Web Cache Poisoning
osv·2022-05-01
CVE-2005-2090 [MEDIUM] Tomcat Vulnerable to Web Cache Poisoning
Tomcat Vulnerable to Web Cache Poisoning
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
GHSA
Tomcat Vulnerable to Web Cache Poisoning
ghsa·2022-05-01
CVE-2005-2090 [MEDIUM] Tomcat Vulnerable to Web Cache Poisoning
Tomcat Vulnerable to Web Cache Poisoning
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
OSV
CVE-2013-4286: Apache Tomcat before 6
osv·2014-02-26·CVSS 4.3
CVE-2013-4286 [MEDIUM] CVE-2013-4286: Apache Tomcat before 6
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Red Hat
tomcat: multiple content-length header poisoning flaws
vendor_redhat·2014-02-25·CVSS 4.3
CVE-2013-4286 [MEDIUM] tomcat: multiple content-length header poisoning flaws
tomcat: multiple content-length header poisoning flaws
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomc
Red Hat
tomcat multiple content-length header poisioning
vendor_redhat·2005-06-06·CVSS 4.3
CVE-2005-2090 [MEDIUM] tomcat multiple content-length header poisioning
tomcat multiple content-length header poisioning
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Apache
Apache tomcat: CVE-2005-2090
vendor_apache·CVSS 4.3
CVE-2005-2090 [MEDIUM] Apache tomcat: CVE-2005-2090
Apache tomcat: CVE-2005-2090
was not complete. It did not cover the following cases: content-length header with chunked encoding over any HTTP connector multiple content-length headers over any AJP connector Requests with multiple content-length headers or with a content-length header when chunked encoding is being used should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain either multiple content-length headers or a content-length header when chunked encoding is being used and several components do not reject the request and make different decisions as to which content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
bugzilla·2014-02-25·CVSS 4.3
CVE-2013-4286 [MEDIUM] CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
The Tomcat fix for CVE-2005-2090 was not complete. It did not cover the following cases:
- content-length header with chunked encoding over any HTTP connector
- multiple content-length headers over any AJP connector
Requests with multiple content-length headers or with a content-length header when chunked encoding is being used should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain either multiple content-length headers or a content-length header when chunked encoding is being used and several components do not reject the request and make different decisions as to which content-length header to use an attacker can
Bugzilla
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
bugzilla·2008-01-10·CVSS 4.3
CVE-2007-5333 [MEDIUM] CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_5.0]
rhn_satellite_5.0 tracking bug: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ
[bug automatically created by: add-tracking-bugs]
Discussion:
[root@rlx-3-18 RPMS]# ls tomcat5-5.0.30-0jpp_9rh.noarch.rpm
tomcat5-5.0.30-0jpp_9rh.noarch.rpm
[root@rlx-3-18 RPMS]# pwd
/tmp/mnt/RPMS
[root@rlx-3-18 RPMS]#
verified
---
This is not a bug. The real issue that was talked about is actually:
private bug Bugzilla Bug 430731: CVE-2007-5461 CVE-2007-3385 CVE-2007-3382
CVE-2007-1358 CVE-2007-1355 CVE-2007
Bugzilla
A number of tomcat issues
bugzilla·2007-05-09·CVSS 5.0
CVE-2005-3164 [MEDIUM] A number of tomcat issues
A number of tomcat issues
A number of issues affected tomcat 4.0.6 as distributed with Stronghold. Most
of these are minor severity, all need triaging:
http://tomcat.apache.org/security-4.html
Information disclosure CVE-2005-3164
Information disclosure CVE-2005-2090
Directory traversal CVE-2007-0450
Cross-site scripting CVE-2007-1358
Cross-site scripting CVE-2006-7196
Directory listing CVE-2006-3835
Cross-site scripting CVE-2005-4838
Denial of service CVE-2005-3510
Denial of service CVE-2003-0866
Information disclosure CVE-2002-2006
Discussion:
closing; Stronghold has reached end of life.
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
bugzilla·2007-04-30·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)
A number of flaws affect the version of Tomcat5 shipped with RHAPS-EL3 (last
updated in RHSA-2006:0592 to 5.0.28). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0340.html
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835)
A number of flaws affect the version of Tomcat5 shipped with RHAPS2 (last
updated in RHSA-2006:0161 to 5.5.12). Please see linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0326.html
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
+++ This bug was initially created as a clone of Bug #237088 +++ for EUS
A number of flaws affect the version of Tomcat5 shipped with RHEL5. Please see
linked bugs for details.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0327.html
Bugzilla
CVE-2005-2090 tomcat multiple content-length header poisioning
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 tomcat multiple content-length header poisioning
CVE-2005-2090 tomcat multiple content-length header poisioning
From http://tomcat.apache.org/security-5.html
Fixed in Apache Tomcat 5.5.23
Information disclosure CVE-2005-2090
Requests with multiple content-length headers should be rejected as invalid.
When multiple components (firewalls, caches, proxies and Tomcat) process a
sequence of requests where one or more requests contain multiple content-length
headers and several components do not reject the request and make different
decisions as to which content-length leader to use an attacker can poision a
web-cache, perform an XSS attack and obtain senstive information from requests
other then their own. Tomcat now returns 400 for requests with multiple
content-length headers.
Affects: 5.0.0-5.0.HEAD, 5.5.0-5.5.22
Discussion:
Created
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
A number of flaws affect the version of Tomcat5 shipped with RHDS3. Please see
linked bugs for details.
Discussion:
Run manually:
http://yakko.test.redhat.com/run.php?runid=14719
http://yakko.test.redhat.com/run.php?runid=14720
---
Thanks Mark.
Vivek, Can you check those test runs and sign off on the changes as required.
Thanks.
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2007-0328.html
Bugzilla
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
bugzilla·2007-04-19·CVSS 4.3
CVE-2005-2090 [MEDIUM] CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195)
A number of flaws affect the version of Tomcat5 shipped with RHEL5. Please see
linked bugs for details.
Discussion:
The fix had already been merged to the RHEL-5 branch and tagged. The
corresponding backports were made to the 5.0.z branch and shipped as part of
http://rhn.redhat.com/errata/RHSA-2007-0327.html.
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://docs.info.apple.com/article.html?artnum=306172http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.vmware.com/pipermail/security-announce/2008/000003.htmlhttp://seclists.org/lists/bugtraq/2005/Jun/0025.htmlhttp://secunia.com/advisories/26235http://secunia.com/advisories/26660http://secunia.com/advisories/27037http://secunia.com/advisories/28365http://secunia.com/advisories/29242http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://secunia.com/advisories/33668http://securitytracker.com/id?1014365http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0327.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0360.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securiteam.com/securityreviews/5GP0220G0U.htmlhttp://www.securityfocus.com/archive/1/485938/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/13873http://www.securityfocus.com/bid/25159http://www.vupen.com/english/advisories/2007/2732http://www.vupen.com/english/advisories/2007/3087http://www.vupen.com/english/advisories/2007/3386http://www.vupen.com/english/advisories/2008/0065http://www.vupen.com/english/advisories/2008/1979/referenceshttp://www.vupen.com/english/advisories/2009/0233http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdfhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspxhttp://docs.info.apple.com/article.html?artnum=306172http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.htmlhttp://lists.vmware.com/pipermail/security-announce/2008/000003.htmlhttp://seclists.org/lists/bugtraq/2005/Jun/0025.htmlhttp://secunia.com/advisories/26235http://secunia.com/advisories/26660http://secunia.com/advisories/27037http://secunia.com/advisories/28365http://secunia.com/advisories/29242http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://secunia.com/advisories/33668http://securitytracker.com/id?1014365http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1http://support.avaya.com/elmodocs2/security/ASA-2007-206.htmhttp://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540http://tomcat.apache.org/security-4.htmlhttp://tomcat.apache.org/security-5.htmlhttp://tomcat.apache.org/security-6.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0327.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0360.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0261.htmlhttp://www.securiteam.com/securityreviews/5GP0220G0U.htmlhttp://www.securityfocus.com/archive/1/485938/100/0/threadedhttp://www.securityfocus.com/archive/1/500396/100/0/threadedhttp://www.securityfocus.com/archive/1/500412/100/0/threadedhttp://www.securityfocus.com/bid/13873http://www.securityfocus.com/bid/25159http://www.vupen.com/english/advisories/2007/2732http://www.vupen.com/english/advisories/2007/3087http://www.vupen.com/english/advisories/2007/3386http://www.vupen.com/english/advisories/2008/0065http://www.vupen.com/english/advisories/2008/1979/referenceshttp://www.vupen.com/english/advisories/2009/0233http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdfhttps://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
2005-07-05
Published