tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: JSESSIONID weakness Severity in Tomcat 6.0.29?
Date Sun, 10 Oct 2010 19:45:39 GMT
On 10/10/2010 20:32, Brian wrote:
> I'm not using Jrun, but I guess the vulnerability applies also to Tomcat
> 6.0.29 so they treated me as if I was using Jrun with that vulnerability.

That guess has no basis in fact.

> Does anybody know what should I do to solve this now?

There is nothing to fix unless you are running an app that is vulnerable
(possible if the app manages its own authentication). If you are, fix
your app.

> I guess they are talking about this issue (please read issue # 2):
> http://www.developer.com/java/web/article.php/3904871/Top-7-Features-in-Tomcat-7-The-New-and-the-Improved.htm

Did you look at the Tomcat 6.0.x change log? Go read the entries for 6.0.21.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message