tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Rustøen <chr...@basefarm.no>
Subject RE: Are these CVEs fixed in tomcat 7 ?
Date Thu, 27 Feb 2014 13:48:28 GMT
Ok, thanks for your quick reply.



--
BR,
chris
________________________________________
From: Mark Thomas <markt@apache.org>
Sent: Thursday, February 27, 2014 1:53 PM
To: Tomcat Users List
Subject: Re: Are these CVEs fixed in tomcat 7 ?

On 27/02/2014 12:49, Christian Rustøen wrote:
> Hi
>
> Based on the apache security reports i dont see any mention of these CVEs b=
> eing fixed in tomcat, and as they have a very high score i would like to kn=
> ow if they have been fixed.
> These are almost 3-4 years old but as i dont see any mention on them in the=
>  security reports i would still like to know as im planning to use this con=
> tainer in an environment where security is very important.
>
> CVE-2011-1571

The above issue is a Liferay vulnerability, not an Apache Tomcat
vulnerability.

> CVE-2010-0557

The above issue is a IBM Cognos Express vulnerability, not an Apache
Tomcat vulnerability.

Since neither of the above issues is a vulnerability in Apache Tomcat
you won't find any information on these vulnerabilities at the ASF.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message