tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Mikusa <dmik...@gopivotal.com>
Subject Re: Fix CVE tomcat 6.0.18 with out upgrade
Date Wed, 08 May 2013 17:11:15 GMT
On May 8, 2013, at 12:11 PM, suresh babu yella wrote:

> We are using tomcat 6.0.18  and we found below number of Common
> Vulnerabilities and Exposures (CVE).

Not surprising given the version that you are using.  Latest version is 6.0.37.

> 
> High Vulns: 98
> 
> Medium Vulns: 50
> 
> Low Vulns: 6
> We cannot upgrade/patch any of those components due to supportability
> concerns from Autonomy.
> 
> How can I apply a fix for all the CVE, I see the build instructions in
> below link but I was looking for applying the fixes without upgrade.

You should really consider upgrading.  Why are you so opposed to upgrading?

Dan

> 
> Security -
> http://tomcat.apache.org/security-6.html#Apache_Tomcat_6.x_vulnerabilities
> Build Instructions - http://tomcat.apache.org/tomcat-6.0-doc/building.html
> 
> 
> Thanks


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message