tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: Adding Revisions
Date Fri, 07 Oct 2011 19:05:54 GMT
----- Original Message -----

> From: Brendan P Keenan <bkeenan@csc.com>
> To: users@tomcat.apache.org
> Cc: 
> Sent: Friday, October 7, 2011 9:08 AM
> Subject: Adding Revisions
> 
> 
> I apologise if this has been answered somewhere else but I just haven't
> been able to find it...
> 
> Server is running Windows 2003 R2 SP2
> Tomcat 6.0.33
> 
> I need to mitigate CVE-2011-3190. It appears revision 1162959 fixes it.
> 
> I cannot find how to apply 1162959. Hopefully someone can tell me the steps
> or point me to documentation
> Thanks
> 
> 
> 
> Brendan P Keenan
> Mainframe Automation
> CSC
>

Could you use one of the two mitigation recommendations?

The announcement:

http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)


If you're using mod_jk, then the following two links gives you detailed configuration information.

http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html

http://tomcat.apache.org/connectors-doc/reference/workers.html


If you're using mod_proxy_ajp or mod_jk earlier than 1.2.12 (upgrade), then you can change
the AJP connector protocol to org.apache.jk.server.JkCoyoteHandler as per the announcement.

. . . . just my two cents.
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message