tomcat-users mailing list archives

From "Penubothu, Srinivasa M" <srinivasa.penubo...@bankofamerica.com>
Subject RE: CVE-2015-0204 - FREAK vulnerability on tomcat 7.
Date Fri, 15 May 2015 12:23:04 GMT
Here are the details of the vulnerability.

Title: SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
CVE ID: CVE-2015-0204
Diagnosis: The remote SSL/TLS server accepts RSA_EXPORT cipher suites which is vulnerable
to session downgrade vulnerability.
Result: Exploitation allows an attacker to bypass security restrictions on the targeted host.
Recommended Solution: Disable RSA_EXPORT cipher suites.

Trying to find how to apply this fix in Tomcat 7. Appreciate your help!


Regards

Srinivasa(Vasu) Penubothu

Mortgage Build & Deployment Team
• MTGBDT SharePoint Site
• MTGBDT Nexus Engagement Link
Division: Mortgage Technology
Phones: 469-201-8855(Work)
              214-250-8424(Mobile)
Email: srinivasa.penubothu@bankofamerica.com


-----Original Message-----
From: Neill Lima [mailto:neill.lima@visual-meta.com]
Sent: Friday, May 15, 2015 7:15 AM
To: Tomcat Users List
Subject: Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.

We would love to help but without the bare minimum description we are unable to do so.

Sorry!

On Fri, May 15, 2015 at 2:10 PM, Penubothu, Srinivasa M <srinivasa.penubothu@bankofamerica.com> wrote:

> Hello, I am looking for help with fixing FREAK vulnerability on tomcat 7.
> I am unable to find a solution for tomcat. Any help would be much
> appreciated.
>
> Regards
>
> Srinivasa(Vasu) Penubothu
>
> ----------------------------------------------------------------------
> This message, and any attachments, is for the intended recipient(s)
> only, may contain information that is privileged, confidential and/or
> proprietary and subject to important terms and conditions available at
> http://www.bankofamerica.com/emaildisclaimer.   If you are not the
> intended recipient, please delete this message.
>


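An added example, not part of the original thread and not Tomcat's own code: a small audit of a `server.xml` that reports which SSL-enabled connectors still list export-grade suites, which is the condition the scanner finding above describes. It assumes the connector's `ciphers` attribute holds a comma-separated list of suite names; the sample `server.xml` is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not taken from the thread).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
                        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA" />
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true" />
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" />
  </Service>
</Server>
"""


def is_export_suite(name):
    """True for export-grade suites: JSSE names contain _EXPORT_, OpenSSL names start with EXP."""
    upper = name.upper()
    return "_EXPORT_" in upper or upper.startswith("EXP")


def audit_connectors(server_xml):
    """Return {port: finding} for every SSL-enabled Connector in the server.xml text."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector: no cipher list to check
        port = conn.get("port")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the JVM's default suites apply, so the result
            # depends on the JRE and should be checked separately.
            findings[port] = {"status": "unpinned", "export": []}
            continue
        names = [c.strip() for c in ciphers.split(",") if c.strip()]
        export = [n for n in names if is_export_suite(n)]
        findings[port] = {"status": "export" if export else "ok", "export": export}
    return findings


if __name__ == "__main__":
    report = audit_connectors(SAMPLE_SERVER_XML)
    for port in sorted(report, key=int):
        print(port, report[port]["status"], ", ".join(report[port]["export"]))
```

A connector reported as `export` needs those names removed from its `ciphers` list; one reported as `unpinned` should be given an explicit list that contains no export suites.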