tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Fix CVE tomcat 6.0.18 with out upgrade
Date Wed, 08 May 2013 17:23:30 GMT
suresh babu yella <suresh.b.yella@gmail.com> wrote:

>Hi Dan,
>
>We might consider for upgrading the tomcat later, due to to
>supportability
>concerns from Autonomy we cannot upgrade it to any of the higher
>version.
>
>but right now we are looking to apply the fix for all CVE's we
>identified,
>it will be great if you can let me know the procedure.

The only available procedure is to upgrade. We do not provide patches for old releases.

Mark

>
>Thanks
>Suresh
>
>
>On Wed, May 8, 2013 at 10:11 AM, Daniel Mikusa
><dmikusa@gopivotal.com>wrote:
>
>> On May 8, 2013, at 12:11 PM, suresh babu yella wrote:
>>
>> > We are using tomcat 6.0.18  and we found below number of Common
>> > Vulnerabilities and Exposures (CVE).
>>
>> Not surprising given the version that you are using.  Latest version
>is
>> 6.0.37.
>>
>> >
>> > High Vulns: 98
>> >
>> > Medium Vulns: 50
>> >
>> > Low Vulns: 6
>> > We cannot upgrade/patch any of those components due to
>supportability
>> > concerns from Autonomy.
>> >
>> > How can I apply a fix for all the CVE, I see the build instructions
>in
>> > below link but I was looking for applying the fixes without
>upgrade.
>>
>> You should really consider upgrading.  Why are you so opposed to
>upgrading?
>>
>> Dan
>>
>> >
>> > Security -
>> >
>>
>http://tomcat.apache.org/security-6.html#Apache_Tomcat_6.x_vulnerabilities
>> > Build Instructions -
>> http://tomcat.apache.org/tomcat-6.0-doc/building.html
>> >
>> >
>> > Thanks
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message