tomcat-users mailing list archives

From David kerber <dcker...@verizon.net>
Subject Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.
Date Fri, 15 May 2015 12:38:28 GMT
On 5/15/2015 8:23 AM, Penubothu, Srinivasa M wrote:
> Here are the details of the vulnerability.
>
> Title: SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
> CVE ID: CVE-2015-0204
> Diagnosis: The remote SSL/TLS server accepts RSA_EXPORT cipher suites which is vulnerable to session downgrade vulnerability.
> Result: Exploitation allows an attacker to bypass security restrictions on the targeted host.
> Recommended Solution: Disable RSA_EXPORT cipher suites.
>
> Trying to find how to apply this fix in Tomcat 7. Appreciate your help!

Update to the latest JRE and TC versions.


>
>
> Regards
>
> Srinivasa(Vasu) Penubothu
>
> Mortgage Build & Deployment Team
> • MTGBDT SharePoint Site
> • MTGBDT Nexus Engagement Link
> Division: Mortgage Technology
> Phones: 469-201-8855(Work)
>                214-250-8424(Mobile)
> Email: srinivasa.penubothu@bankofamerica.com
>
>
> -----Original Message-----
> From: Neill Lima [mailto:neill.lima@visual-meta.com]
> Sent: Friday, May 15, 2015 7:15 AM
> To: Tomcat Users List
> Subject: Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.
>
> We would love to help but without the bare minimum description we are unable to do so.
>
> Sorry!
>
> On Fri, May 15, 2015 at 2:10 PM, Penubothu, Srinivasa M <srinivasa.penubothu@bankofamerica.com> wrote:
>
>> Hello, I am looking for help with fixing FREAK vulnerability on tomcat 7.
>> I am unable to find a solution for tomcat. Any help would be much
>> appreciated.
>>
>> Regards
>>
>> Srinivasa(Vasu) Penubothu
>>
>> ----------------------------------------------------------------------
>> This message, and any attachments, is for the intended recipient(s)
>> only, may contain information that is privileged, confidential and/or
>> proprietary and subject to important terms and conditions available at
>> http://www.bankofamerica.com/emaildisclaimer.   If you are not the
>> intended recipient, please delete this message.
>>
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
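
The scanner's recommendation in this thread (disable RSA_EXPORT cipher suites) can be checked against a Tomcat `server.xml` with a short script. This is an added example, not part of the thread or of Tomcat's code: the sample XML, its ports and the function name `audit_connectors` are constructed, and it assumes the connector lists suites as comma-separated JSSE names in its `ciphers` attribute.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml (not from the thread): one plain HTTP connector
# and three TLS connectors with different cipher settings.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Map each TLS connector's port to the EXPORT suites it names.

    The value is None when the connector has no ciphers attribute, because
    the effective suites then depend on the Tomcat and JRE versions in use.
    """
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").strip().lower() != "true":
            continue  # not a TLS connector
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings[conn.get("port")] = None
            continue
        # Comma-separated JSSE suite names; tolerate spaces and line breaks.
        suites = [s.strip() for s in ciphers.split(",") if s.strip()]
        # RSA_EXPORT is what the scanner reported; every *_EXPORT* suite
        # is export-grade, so all of them are flagged.
        findings[conn.get("port")] = [s for s in suites if "_EXPORT" in s.upper()]
    return findings


if __name__ == "__main__":
    for port, export in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        if export is None:
            print(port, "no explicit cipher list; check Tomcat/JRE defaults")
        elif export:
            print(port, "remove:", ", ".join(export))
        else:
            print(port, "no EXPORT suites listed")
```

A connector reported with no explicit cipher list is the case the reply above addresses: what it offers is decided by the installed Tomcat and JRE versions.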

