tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brendan P Keenan <bkee...@csc.com>
Subject Vulnerability Remediation
Date Fri, 04 Nov 2011 20:20:11 GMT

It has been identified to me by our security group that my Apache Tomcat
6.0.33 has the following vulnerability CVE-2011-3190. There is a link on
the Apache Tomcat 6.0 Security page to
http://svn.apache.org/viewvc?view=revision&revision=1162959 as a patch.

The link list three files:

/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

There is no trunk or java/org/apache/coyote directory in my installation.
Do I add those directories to apply the patch.

I am completely new at all of this so all help and direction is appreciated
and necessary.
Thanks


Brendan P Keenan
Mainframe Automation
CSC

Home Office - Columbia, CT USA
GOS | Global Enterprise Service Mgmt | 1.860.416.0251 | bkeenan@csc.com |
www.csc.com

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message