Re: Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Suresh, On 5/8/13 12:11 PM, suresh babu yella wrote: > We are using tomcat 6.0.18 and we found below number of Common > Vulnerabilities and Exposures (CVE). > > High Vulns: 98 > > Medium Vulns: 50 > > Low Vulns: 6 We cannot upgrade/patch any of

Re: Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread David Smith
On 5/8/13 1:17 PM, suresh babu yella wrote: > Hi Dan, > > We might consider for upgrading the tomcat later, due to to supportability > concerns from Autonomy we cannot upgrade it to any of the higher version. > > but right now we are looking to apply the fix for all CVE's we identified, > it will b

Re: Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread Daniel Mikusa
On May 8, 2013, at 1:17 PM, suresh babu yella wrote: > Hi Dan, > > We might consider for upgrading the tomcat later, due to to supportability > concerns from Autonomy we cannot upgrade it to any of the higher version. I don't know that vendor, but it sounds like you might need to have a convers

Re: Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread Mark Thomas
suresh babu yella wrote: >Hi Dan, > >We might consider for upgrading the tomcat later, due to to >supportability >concerns from Autonomy we cannot upgrade it to any of the higher >version. > >but right now we are looking to apply the fix for all CVE's we >identified, >it will be great if you can

Re: Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread suresh babu yella
Hi Dan, We might consider for upgrading the tomcat later, due to to supportability concerns from Autonomy we cannot upgrade it to any of the higher version. but right now we are looking to apply the fix for all CVE's we identified, it will be great if you can let me know the procedure. Thanks Su

Re: Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread Daniel Mikusa
On May 8, 2013, at 12:11 PM, suresh babu yella wrote: > We are using tomcat 6.0.18 and we found below number of Common > Vulnerabilities and Exposures (CVE). Not surprising given the version that you are using. Latest version is 6.0.37. > > High Vulns: 98 > > Medium Vulns: 50 > > Low Vulns:

Fix CVE tomcat 6.0.18 with out upgrade

2013-05-08 Thread suresh babu yella
We are using tomcat 6.0.18 and we found below number of Common Vulnerabilities and Exposures (CVE). High Vulns: 98 Medium Vulns: 50 Low Vulns: 6 We cannot upgrade/patch any of those components due to supportability concerns from Autonomy. How can I apply a fix for all the CVE, I see the build