tomcat-users mailing list archives

From suresh babu yella <suresh.b.ye...@gmail.com>
Subject Re: Fix CVE tomcat 6.0.18 with out upgrade
Date Wed, 08 May 2013 17:17:12 GMT
Hi Dan,

We might consider upgrading Tomcat later; due to supportability
concerns from Autonomy, we cannot upgrade it to any higher version.

But right now we are looking to apply the fix for all the CVEs we identified;
it would be great if you could let me know the procedure.

Thanks
Suresh


On Wed, May 8, 2013 at 10:11 AM, Daniel Mikusa <dmikusa@gopivotal.com> wrote:

> On May 8, 2013, at 12:11 PM, suresh babu yella wrote:
>
> > We are using tomcat 6.0.18  and we found below number of Common
> > Vulnerabilities and Exposures (CVE).
>
> Not surprising given the version that you are using.  Latest version is
> 6.0.37.
>
> >
> > High Vulns: 98
> >
> > Medium Vulns: 50
> >
> > Low Vulns: 6
> > We cannot upgrade/patch any of those components due to supportability
> > concerns from Autonomy.
> >
> > How can I apply a fix for all the CVE, I see the build instructions in
> > below link but I was looking for applying the fixes without upgrade.
>
> You should really consider upgrading.  Why are you so opposed to upgrading?
>
> Dan
>
> >
> > Security - http://tomcat.apache.org/security-6.html#Apache_Tomcat_6.x_vulnerabilities
> > Build Instructions - http://tomcat.apache.org/tomcat-6.0-doc/building.html
> >
> >
> > Thanks