tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: Question about a known security vulnerability
Date Sat, 10 Mar 2012 10:24:38 GMT
On 08/03/2012 21:49, Jayant Sane wrote:
> 
> Hello, 
> 
> This is in regard to the security vulnerability "Tomcat WAR Deployment Directory Traversal
Flaw May Cause Files to Be Deleted" as detailed in  http://securitytracker.com/id/1023504
> Per the above, versions 5.5.0-5.5.28, 6.0.0-6.0.20 and possibly earlier versions were
affected. 
> Question: Does this affect version 7.0.23 and/or has it been confirmed fixed for v7.0.23?
> 
> The website security test tool we use reports this issue being present even in Tomcat
version 7.0.23 so wanted to know.  I

Is the tool saying that the issue has been detected in 7.0.23 upwards,
or that it was fixed in 7.0.24?


p

> I was told that I cannot post this question to the email address meant for reporting
undisclosed security vulnerabilities and I understand. 
> thanks in advance,Jayant 		 	   		  
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


-- 

[key:62590808]


Mime
View raw message