Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Mark Thomas
Laura McCord wrote: > So, since we are using Tomcat as a standalone then this would apply, right? On standalone Tomcat this is not an issue since there is no proxy. Mark - To start a new topic, e-mail: users@tomcat.apache.org T

Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Laura McCord
oh ok. thanks ;) Rui Monteiro wrote: > > > Laura, > > It's true that there's a problem with double negative phrases. > So to be more explict. As far as I can read from the report you showed > the problem WOULD NOT EXIST ON STANDALONE TOMCAT. > You can go without upgrade at least on basis of this

Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Rui Monteiro
Laura, It's true that there's a problem with double negative phrases. So to be more explict. As far as I can read from the report you showed the problem WOULD NOT EXIST ON STANDALONE TOMCAT. You can go without upgrade at least on basis of this specific security hole. Laura McCord escribió:

Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Rashmi Rubdi
I tried to replicate the vulnerability on my site, but I couldn't really traverse the directory tree in the way they've indicated, so I can't really confirm whether there's a vulnerability or not. -Rashmi On 4/10/07, Laura McCord <[EMAIL PROTECTED]> wrote: However, we do have another installati

Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Laura McCord
I have multiple installations of Tomcat on various servers. One in particular is our portal server that does not have the tomcat manager accessible so it should be fine. However, we do have another installation on a different server that an administrator uses to upload/modify existing web applicati

Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Rashmi Rubdi
You may want to double-check with the people who wrote the report, just to be sure. I have a small site hosted on Tomcat 5.5.9 and I think the host provider is using Apache connector --- my site often crashes and shuts down and I sometimes see the directory structure. But it might not be because

Re: [Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Laura McCord
So, since we are using Tomcat as a standalone then this would apply, right? Thanks, Laura Rui Monteiro wrote: > And just in case! It desn't seem to apply in case you don't have > Apache Server + Apache Tomcat through connector. > > Mensaje original > > Supposing the security

[Fwd: Re: Tomcat 5.5.23 Question]

2007-04-10 Thread Rui Monteiro
And just in case! It desn't seem to apply in case you don't have Apache Server + Apache Tomcat through connector. Mensaje original Supposing the security vulnerability to be true as it seems (but i didn't check) means first of all that if you don't have the Tomcat Manager Ap