tomcat-users mailing list archives

From Brian Burch <br...@pingtoo.com>
Subject Re: Attacks in Apache servers
Date Thu, 02 May 2013 09:48:32 GMT
On 02/05/13 09:32, André Warnier wrote:
> M Eashwar wrote:
>> Hi,
>>
>>    Anyone attacked with reference to below URL?
>>
>> http://efytimes.com/e1/fullnews.asp?edid=105167&ntype=mor&edate=4/29/2013
>>
>
> Never heard of "EFYtimes" before, but considering what I have been
> reading lately about bots, I would advise a modicum of caution before
> following this link.
> (And also maybe a modicum of healthy scepticism about that news article
> itself).

This vulnerability applies only to Apache httpd and is not relevant to
Tomcat.

ALSO, it only applies to Apache httpd when installed via a third-party
automated management system that is reported to not verify the digital
signature of the binary... which would be very negligent.

You should always verify Apache packages against the published
signatures. Although Linux distribution rpm and deb packages are
automatically verified during installation, we strongly recommend
installing packages directly from the official Apache distribution
servers and then verifying the signature yourself - prior to installation!

Regards,

Brian

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
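
The manual signature check recommended in the message above, as an added example that is not part of the original message or of any Apache project tooling. It assumes `gpg` is installed; the function names, the file arguments and the expected fingerprint are hypothetical, and the fingerprint should be obtained separately from the download itself.

```shell
#!/bin/sh
# Added example. Accept a download only if gpg reports a valid signature
# made by the one key fingerprint the operator expects.

# status_ok EXPECTED_FINGERPRINT
# Reads gpg --status-fd lines on stdin; returns 0 only for a valid signature
# from the expected key with no failure status present.
status_ok() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 1
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature must not be relied on.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key fingerprint,
        # the last field is the primary key fingerprint.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { good = 1 }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# verify_release ARTIFACT SIGNATURE KEYS_FILE EXPECTED_FINGERPRINT
# Example call (placeholder names):
#   verify_release download.tar.gz download.tar.gz.asc KEYS "<fingerprint>" \
#       || { echo "signature check failed, not installing" >&2; exit 1; }
verify_release() {
    artifact=$1 sig=$2 keys=$3 fpr=$4
    home=$(mktemp -d) || return 1
    # Throwaway keyring: only keys from the project's KEYS file are present,
    # so an unrelated key in the user's keyring cannot vouch for the file.
    gpg --homedir "$home" --batch --quiet --import "$keys" 2>/dev/null
    # Exit status of the pipeline is that of status_ok.
    gpg --homedir "$home" --batch --status-fd 1 \
        --verify "$sig" "$artifact" 2>/dev/null | status_ok "$fpr"
    rc=$?
    rm -rf "$home"
    return $rc
}
```

Checking the fingerprint in the `VALIDSIG` line matters because a "good signature" from any key that happens to be in the imported file is not the same as a signature from the key you intended to trust.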

