/[Apache-SVN]
ViewVC logotype

Revision 1809283


Jump to revision: Previous Next
Author: markt
Date: Fri Sep 22 09:06:38 2017 UTC (6 years, 6 months ago)
Changed paths: 4
Log Message:
Partial fix for CVE-2017-12617
This moves a check from the Default servlet where it applied to GET, POST, HEAD and OPTIONS to the resources implementation where it applies to any method that expects the resource to exist (e.g.DELETE)
Still need to address the case where the resource does not exist (e.g. PUT)

Changed paths

Path Details
Directorytomcat/tc8.0.x/trunk/ modified , props changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java modified , text changed
Directorytomcat/tc8.0.x/trunk/java/org/apache/catalina/webresources/AbstractFileResourceSet.java modified , text changed
Directorytomcat/tc8.0.x/trunk/test/org/apache/catalina/webresources/AbstractTestResourceSet.java modified , text changed

infrastructure at apache.org
ViewVC Help
Powered by ViewVC 1.1.26