On 28/11/2013 06:36, Ben Stringer wrote: > On Thu, November 28, 2013 5:15 pm, kanishk.se...@accenture.com wrote: >> Hi All, >> > > Hi Kanishhk, > >> We are using Apache tomcat version 6.0.26 and we need to install below >> patches on our servers to fix some Vulnerabilities. >> >> http://svn.apache.org/viewvc?view=revision&revision=958911 >> http://svn.apache.org/viewvc?view=revision&revision=958977 >> http://svn.apache.org/viewvc?view=revision&revision=959428 >> http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151 >> http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2012-05-584&actionBtn=Search > > Is the Apache tomcat instance you are using bundled with the applications > above (from HP, Juniper)? If so, you should get an updated release from > those vendors, as they should have bundled a higher version of Tomcat that > resolves the issues.
+1. Both the HP page and the Juniper page provide details of how to obtain an updated version of their respective products that includes the fixes. If you really want to do this by hand (not recommended) then the starting point is downloading the 6.0.26 src distribution or checking out the 6.0.26 tag and building from source. > You can cross-check your list of CVE vulnerabilities against Tomcat > versions at this page: > > http://tomcat.apache.org/security.html > > Looks like 6.0.37 is the latest version of Tomcat 6. It is. And there are quite a few vulnerabilities fixed since 6.0.26. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
