D. Matscheko has reported a security issue in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions. If Tomcat is running behind a proxy with context restriction, an error within the handling of certain path delimiters in requests ('2F', '%5C', and '\') can be exploited to bypass the context restrictions and may allow access to non-proxied contexts. The security issue is reported in versions 5.5.0 to 5.5.21, 5.0.0 to 5.5.0.30, and 6.0.0 to 6.0.9. arches, please mark versions 5.5.23 and 6.0.10-r1 stable: keywords for 5.5.23: "~amd64 ppc ppc64 ~x86 ~x86-fbsd" keywords for 6.0.10-r1: "~amd64 ~ppc ~x86 ~x86-fbsd"
Duping this one as we already have bug #173122. Uncalling arches until we have a green light from java. *** This bug has been marked as a duplicate of bug 173122 ***