[Mongrel] Regarding the 1.1.3 security release
tom at infoether.com
Sat Dec 29 00:35:15 EST 2007
* Apologies for starting a new thread; I just subscribed.
Has anyone been able to make this exploit happen if requests are being
proxied to Mongrel through Apache? I've been trying variations on the
double-encoding thing and can't trigger the exploit through Apache.
Hitting Mongrel directly does expose the problem.
I'll still upgrade my servers, of course, but I don't want to send an
unnecessary "upgrade now" note to other folks...
More information about the Mongrel-users