> From: Aditi Sinha [mailto:adisinha0...@gmail.com] > Subject: Need info on CVE-2014-0050
> We are using Tomcat 7.0.40 as web server. > How can we confirm if our application is vulnerable or not to CVE-2014-0050? Read the relevant security pages: http://tomcat.apache.org/security-7.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 Are you using Apache Commons FileUpload or a variant thereof? If not, then CVE-2014-0050 doesn't apply. If you are using FileUpload directly, rebuild your webapp with the newer version. If you're using Tomcat's implementation of FileUpload, you should upgrade to 7.0.52 or newer. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
