tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
Date Wed, 21 Sep 2011 23:01:57 GMT
2011/9/21 BARRON, HAROLD H CTR DISA EE <harold.barron.ctr@disa.mil>:
>
> Apache Tomcat AJP Protocol Security Bypass and Information Disclosure
> Vulnerability - (CVE-2011-3190):
>

1. Mitigation options are listed here:
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html

Both 5.5 and 6.0 have a connector implementation that is not
vulnerable to this issue

2. 5.5.34 binaries are already available for testing and have good
chances to be officially released in the following days.  6.0.34
release plans have not been discussed (with 6.0.33 being released not
so long ago).

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message