tomcat-users mailing list archives

From "BARRON, HAROLD H CTR DISA EE" <harold.barron....@disa.mil>
Subject RE: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
Date Thu, 22 Sep 2011 15:51:07 GMT
Classification:  UNCLASSIFIED 
Caveats: NONE

I might have to write a plan of action to temporarily mitigate this issue until the update
is posted. I just want to be able to present it in a way that my users will
not have a problem understanding when I do.

-----Original Message-----
From: Pid * [mailto:pid@pidster.com] 
Sent: Thursday, September 22, 2011 11:47 AM
To: Tomcat Users List
Subject: Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)

On 22 Sep 2011, at 14:21, "BARRON, HAROLD H CTR DISA EE"
<harold.barron.ctr@disa.mil> wrote:

> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> Thanks....it's kind of hard to understand how to implement this workaround but I will
> look into it.

Do you use HTTPD with mod_jk or mod_proxy_ajp in front of Tomcat?

What is hard to understand, maybe we can help... ?


p


> Appreciate the response.
>
> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com]
> Sent: Wednesday, September 21, 2011 7:02 PM
> To: Tomcat Users List
> Subject: Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
>
> 2011/9/21 BARRON, HAROLD H CTR DISA EE <harold.barron.ctr@disa.mil>:
>>
>> Apache Tomcat AJP Protocol Security Bypass and Information Disclosure
>> Vulnerability - (CVE-2011-3190):
>>
>
> 1. Mitigation options are listed here:
> http://tomcat.apache.org/security-5.html
> http://tomcat.apache.org/security-6.html
>
> Both 5.5 and 6.0 have a connector implementation that is not
> vulnerable to this issue
>
> 2. 5.5.34 binaries are already available for testing and have good
> chances to be officially released in the following days.  6.0.34
> release plans have not been discussed (with 6.0.33 being released not
> so long ago).
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
