tomcat-users mailing list archives

From Markus Schönhaber <tomcat-us...@list-post.mks-mail.de>
Subject Re: IAVM Identified Vulnerability - 2009-B-0026_0028
Date Thu, 23 Jul 2009 12:45:38 GMT
Owen, Scott A CTR IT/IM Bldg1490:

> I am currently running Tomcat 5.5.27 on a Windows 2003 server for the
> application Business Objects Enterprise XI R2.
> 
> I have been notified by my IA department of an IAVA that has been
> identified and needs immediate action.
> 
> The IAVM is 2009-B-0026_0028 and references the following CVE
> vulnerabilities:
> 
> CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783
> 
> 
> I have searched the Apache Tomcat site for any assistance, and the
> only thing I am able to find references a fix in Tomcat 5.5.SVN.
> However, I am unable to find this package to install on my server to
> resolve these vulnerabilities.

This is not a "package" you can install but (probably) refers to the
current state of development, where those vulnerabilities are already fixed.

> Can somebody point me in the right direction on implementing this fix to
> make my system compliant with this identified IAVA?

Look at the corresponding announcements here:
http://mail-archives.apache.org/mod_mbox/tomcat-announce/

For CVE-2009-0781 see:
http://mail-archives.apache.org/mod_mbox/tomcat-dev/200903.mbox/%3C49B147B2.1060604@apache.org%3E
But this vulnerability only affects a component of the example webapps -
which shouldn't be deployed on a production server anyway.

-- 
Regards
  mks
