tomcat-users mailing list archives

From Rémy Maucherat <r...@apache.org>
Subject Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Date Wed, 04 Apr 2018 12:01:51 GMT
On Wed, Apr 4, 2018 at 1:02 PM, Mark Thomas <markt@apache.org> wrote:

> On 04/04/18 11:54, Rémy Maucherat wrote:
> > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) <
> > Venkata.Reddy@trianz.com> wrote:
> >
> >> Hi Team,
> >>
> >> Could you please help me on whether tomcat6.0.53 version is also impacted
> >> with these vulnerabilities (CVE-2018-1304,
> >
> >
> > Yes.
>
> I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7).
> Did we back-port it?
>

Ok, I think you are right as the text on the "special" - it doesn't look so
special to me, as it's an exact path - "" path seems to be added in Servlet
3.0. It's a situation where I don't really know what it does in Tomcat 6.0.
On the other one, I know for sure there's no ServletSecurity annotation :)

Rémy


>
> Mark
>
>
> >
> >
> >> CVE-2018-1305)?
> >>
> >
> > No.
> >
> > Rémy
> >
>
>
