tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Schönhaber <>
Subject Re: IAVM Identified Vulnerability - 2009-B-0026_0028
Date Thu, 23 Jul 2009 12:45:38 GMT
Owen, Scott A CTR IT/IM Bldg1490:

> I am currently running Tomcat 5.5.27 on a Windows 2003 server for the
> application Business Objects Enterprise XI R2.
> I have been notified by my IA department of an IAVA that has been
> identified and needs immediate action.
> The IAVM is 2009-B-0026_0028 and references the following CVE
> vulnerabilities:
> CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783
> I have searched the Apache Tomcat site for any assistance, and the
> only thing I am able to find references a fix in Tomcat 5.5.SVN.
> However, I am unable to find this package to install on my server to
> resolve these vulnerabilities.

This is not a "package" you can install but (probably) refers to the
current state of development, where those vulnerabilities are already fixed.

> Can somebody point me in the right direction on implement this fix to
> make my system compliant with this identified IAVA?

Look at the corresponding announcements here:

For CVE-2009-0781 see:
But this vulnerability only effects a component of the example webapps -
which shouldn't be deployed on a production server anyway.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message