From: Brendan P Keenan
To: Tomcat Users List
Date: Fri, 4 Nov 2011 16:20:11 -0400
Subject: Vulnerability Remediation

It has been identified to me by our security group that my Apache Tomcat 6.0.33 has the following vulnerability: CVE-2011-3190.

There is a link on the Apache Tomcat 6.0 Security page to http://svn.apache.org/viewvc?view=revision&revision=1162959 as a patch. The link lists three files:

/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpAprProcessor.java
/tomcat/tc6.0.x/trunk/java/org/apache/coyote/ajp/AjpProcessor.java
/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

There is no trunk or java/org/apache/coyote directory in my installation. Do I add those directories to apply the patch?

I am completely new at all of this so all help and direction is appreciated and necessary.

Thanks

Brendan P Keenan
Mainframe Automation
CSC