Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability

Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability

Solution:
The vendor has released Apache Tomcat JK Connector 1.2.23 to address this issue. Please see the references for more information.

Apache Software Foundation Tomcat JK Web Server Connector 1.2.21

Apache Apache Tomcat JK Connector 1.2.23
http://www.apache.org/dist/tomcat/tomcat-connectors/jk/source/jk-1.2.2 3/tomcat-connectors-1.2.23-src.tar.gz

Apple Mac OS X Server 10.3.9

Apple SecUpdSrvr2007-007Pan.dmg For Mac OS X Server v10.3.9
http://www.apple.com/support/downloads/

Apple Mac OS X 10.4.10

Apple SecUpd2007-007Ti.dmg For Mac OS X v10.4.10 (PowerPC)
http://www.apple.com/support/downloads/

Apple SecUpd2007-007Univ.dmg For Mac OS X v10.4.10 (Universal)
http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.4.10

Apple SecUpdSrvr2007-007Ti.dmg For Mac OS X Server v10.4.10 (PowerPC)
http://www.apple.com/support/downloads/

Apple SecUpdSrvr2007-007Universal.dmg For Mac OS X Server v10.4.10 (Universal)
http://www.apple.com/support/downloads/