tomcat-users mailing list archives

From "BARRON, HAROLD H CTR DISA EE" <harold.barron....@disa.mil>
Subject RE: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
Date Thu, 22 Sep 2011 13:19:43 GMT
Classification:  UNCLASSIFIED 
Caveats: NONE

Thanks....it's kind of hard to understand how to implement this workaround but I will look
into it.
Appreciate the response.

-----Original Message-----
From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com] 
Sent: Wednesday, September 21, 2011 7:02 PM
To: Tomcat Users List
Subject: Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

2011/9/21 BARRON, HAROLD H CTR DISA EE <harold.barron.ctr@disa.mil>:
>
> Apache Tomcat AJP Protocol Security Bypass and Information Disclosure
> Vulnerability - (CVE-2011-3190):
>

1. Mitigation options are listed here:
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html

Both 5.5 and 6.0 have a connector implementation that is not
vulnerable to this issue.

2. 5.5.34 binaries are already available for testing and have good
chances to be officially released in the following days.  6.0.34
release plans have not been discussed (with 6.0.33 being released not
so long ago).

Best regards,
Konstantin Kolinko



