Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2FE5C986A for ; Fri, 4 Nov 2011 20:36:04 +0000 (UTC) Received: (qmail 66773 invoked by uid 500); 4 Nov 2011 20:36:00 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 66728 invoked by uid 500); 4 Nov 2011 20:36:00 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 66718 invoked by uid 99); 4 Nov 2011 20:36:00 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2011 20:36:00 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=5.0 tests=RCVD_IN_DNSWL_HI,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [65.115.85.73] (HELO smtp-outbound-2.vmware.com) (65.115.85.73) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Nov 2011 20:35:54 +0000 Received: from mailhost3.vmware.com (mailhost3.vmware.com [10.16.27.45]) by smtp-outbound-2.vmware.com (Postfix) with ESMTP id 64D031A003 for ; Fri, 4 Nov 2011 13:35:32 -0700 (PDT) Received: from sc9-exht09.vmware.com (sc9-exht09.vmware.com [10.113.190.39]) by mailhost3.vmware.com (Postfix) with ESMTP id 56948CDAFC for ; Fri, 4 Nov 2011 13:35:32 -0700 (PDT) Received: from exch-mbx-111.vmware.com ([10.113.190.111]) by sc9-exht09.vmware.com ([10.113.190.39]) with mapi; Fri, 4 Nov 2011 13:35:32 -0700 From: Daniel Mikusa To: Tomcat Users List Date: Fri, 4 Nov 2011 13:35:30 -0700 Subject: Re: Vulnerability Remediation Thread-Topic: Vulnerability Remediation Thread-Index: AcybMUvyRGG2ix/2RX6VBtCYmsFcUA== Message-ID: <1320438930.2654.8.camel@cleveland.mikusa.com> References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org QnJlbmRhbiwNCg0KVGhlIGxpbmsgaXMgYSBsaXN0IG9mIHRoZSBmaWxlcyB0aGF0IHdlcmUgbW9k aWZpZWQgdG8gZml4IHRoZQ0KdnVsbmVyYWJpbGl0eS4gIFRoZXNlIGZpbGVzIGNhbiBiZSB1c2Vk IHRvIHBhdGNoIHRoZSBzb3VyY2UgY29kZSBmb3INClRvbWNhdC4gIEFmdGVyIHBhdGNoaW5nIHRo ZSBzb3VyY2UgY29kZSwgeW91IHdvdWxkIHRoZW4gbmVlZCB0bw0KcmVjb21waWxlIGl0IGFuZCB1 cGRhdGUgeW91ciBUb21jYXQgaW5zdGFsbGF0aW9uIHdpdGggdGhlIHJlY29tcGlsZWQNCmJpbmFy aWVzLg0KDQpJbiBteSBvcGluaW9uLCBpdCdzIGVhc2llciB0byBhcHBseSBvbmUgb2YgdGhlIG1p dGlnYXRpb25zIG5vdyBhbmQNCnVwZ3JhZGUgdG8gVG9tY2F0IDYuMC4zNCB3aGVuIGl0IGlzIG9m ZmljaWFsbHkgcmVsZWFzZWQuDQoNCiogQ29uZmlndXJlIGJvdGggVG9tY2F0IGFuZCB0aGUgcmV2 ZXJzZSBwcm94eSB0byB1c2UgYSBzaGFyZWQgc2VjcmV0Lg0KKEl0IGlzICJyZXF1ZXN0LnNlY3Jl dCIgYXR0cmlidXRlIGluIEFKUCA8Q29ubmVjdG9yPiwNCiJ3b3JrZXIud29ya2VybmFtZS5zZWNy ZXQiIGRpcmVjdGl2ZSBmb3IgbW9kX2prLiBUaGUgbW9kX3Byb3h5X2FqcA0KbW9kdWxlIGN1cnJl bnRseSBkb2VzIG5vdCBzdXBwb3J0IHNoYXJlZCBzZWNyZXRzKS4NCiANCiAgKiBVc2UgdGhlIG9y Zy5hcGFjaGUuamsuc2VydmVyLkprQ295b3RlSGFuZGxlciAoQklPKSBBSlAgY29ubmVjdG9yDQog ICAgaW1wbGVtZW50YXRpb24uDQooSXQgaXMgYXV0b21hdGljYWxseSBzZWxlY3RlZCBpZiB5b3Ug ZG8gbm90IGhhdmUgVG9tY2F0LU5hdGl2ZSBsaWJyYXJ5DQppbnN0YWxsZWQuIEl0IGNhbiBiZSBh bHNvIHNlbGVjdGVkIGV4cGxpY2l0bHk6IDxDb25uZWN0b3INCnByb3RvY29sPSJvcmcuYXBhY2hl LmprLnNlcnZlci5Ka0NveW90ZUhhbmRsZXIiPikuDQoNCkRhbg0KDQoNCg0KT24gRnJpLCAyMDEx LTExLTA0IGF0IDEzOjIwIC0wNzAwLCBCcmVuZGFuIFAgS2VlbmFuIHdyb3RlOg0KPiBJdCBoYXMg YmVlbiBpZGVudGlmaWVkIHRvIG1lIGJ5IG91ciBzZWN1cml0eSBncm91cCB0aGF0IG15IEFwYWNo ZSBUb21jYXQNCj4gNi4wLjMzIGhhcyB0aGUgZm9sbG93aW5nIHZ1bG5lcmFiaWxpdHkgQ1ZFLTIw MTEtMzE5MC4gVGhlcmUgaXMgYSBsaW5rIG9uDQo+IHRoZSBBcGFjaGUgVG9tY2F0IDYuMCBTZWN1 cml0eSBwYWdlIHRvDQo+IGh0dHA6Ly9zdm4uYXBhY2hlLm9yZy92aWV3dmM/dmlldz1yZXZpc2lv biZyZXZpc2lvbj0xMTYyOTU5IGFzIGEgcGF0Y2guDQo+IA0KPiBUaGUgbGluayBsaXN0IHRocmVl IGZpbGVzOg0KPiANCj4gL3RvbWNhdC90YzYuMC54L3RydW5rL2phdmEvb3JnL2FwYWNoZS9jb3lv dGUvYWpwL0FqcEFwclByb2Nlc3Nvci5qYXZhDQo+IC90b21jYXQvdGM2LjAueC90cnVuay9qYXZh L29yZy9hcGFjaGUvY295b3RlL2FqcC9BanBQcm9jZXNzb3IuamF2YQ0KPiAvdG9tY2F0L3RjNi4w LngvdHJ1bmsvd2ViYXBwcy9kb2NzL2NoYW5nZWxvZy54bWwNCj4gDQo+IFRoZXJlIGlzIG5vIHRy dW5rIG9yIGphdmEvb3JnL2FwYWNoZS9jb3lvdGUgZGlyZWN0b3J5IGluIG15IGluc3RhbGxhdGlv bi4NCj4gRG8gSSBhZGQgdGhvc2UgZGlyZWN0b3JpZXMgdG8gYXBwbHkgdGhlIHBhdGNoLg0KPiAN Cj4gSSBhbSBjb21wbGV0ZWx5IG5ldyBhdCBhbGwgb2YgdGhpcyBzbyBhbGwgaGVscCBhbmQgZGly ZWN0aW9uIGlzIGFwcHJlY2lhdGVkDQo+IGFuZCBuZWNlc3NhcnkuDQo+IFRoYW5rcw0KPiANCj4g DQo+IEJyZW5kYW4gUCBLZWVuYW4NCj4gTWFpbmZyYW1lIEF1dG9tYXRpb24NCj4gQ1NDDQo+IA0K PiBIb21lIE9mZmljZSAtIENvbHVtYmlhLCBDVCBVU0ENCj4gR09TIHwgR2xvYmFsIEVudGVycHJp c2UgU2VydmljZSBNZ210IHwgMS44NjAuNDE2LjAyNTEgfCBia2VlbmFuQGNzYy5jb20gfA0KPiB3 d3cuY3NjLmNvbQ0KPiANCj4gVGhpcyBpcyBhIFBSSVZBVEUgbWVzc2FnZS4gSWYgeW91IGFyZSBu b3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlDQo+IGRlbGV0ZSB3aXRob3V0IGNvcHlp bmcgYW5kIGtpbmRseSBhZHZpc2UgdXMgYnkgZS1tYWlsIG9mIHRoZSBtaXN0YWtlIGluDQo+IGRl bGl2ZXJ5Lg0KPiBOT1RFOiBSZWdhcmRsZXNzIG9mIGNvbnRlbnQsIHRoaXMgZS1tYWlsIHNoYWxs IG5vdCBvcGVyYXRlIHRvIGJpbmQgQ1NDIHRvDQo+IGFueSBvcmRlciBvciBvdGhlciBjb250cmFj dCB1bmxlc3MgcHVyc3VhbnQgdG8gZXhwbGljaXQgd3JpdHRlbiBhZ3JlZW1lbnQNCj4gb3IgZ292 ZXJubWVudCBpbml0aWF0aXZlIGV4cHJlc3NseSBwZXJtaXR0aW5nIHRoZSB1c2Ugb2YgZS1tYWls IGZvciBzdWNoDQo+IHB1cnBvc2UuDQo+IA0KPiANCj4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQo+IFRvIHVuc3Vi c2NyaWJlLCBlLW1haWw6IHVzZXJzLXVuc3Vic2NyaWJlQHRvbWNhdC5hcGFjaGUub3JnDQo+IEZv ciBhZGRpdGlvbmFsIGNvbW1hbmRzLCBlLW1haWw6IHVzZXJzLWhlbHBAdG9tY2F0LmFwYWNoZS5v cmcNCj4gDQo=