On 5/15/2015 8:23 AM, Penubothu, Srinivasa M wrote:
Here are the details of the vulnerability.
Title: SSL/TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)
CVE ID: CVE-2015-0204
Diagnosis: The remote SSL/TLS server accepts RSA_EXPORT cipher suites which is
vulnerable to session downgrade vulnerability.
Result: Exploitation allows an attacker to bypass security restrictions on the
targeted host.
Recommended Solution: Disable RSA_EXPORT cipher suites.
Trying to find how to apply this fix in Tomcat 7. Appreciate your help!

Update to the latest JRE and TC versions.

Regards
Srinivasa(Vasu) Penubothu
Mortgage Build & Deployment Team
Division: Mortgage Technology
Phones: 469-201-8855(Work)
214-250-8424(Mobile)
Email: srinivasa.penubo...@bankofamerica.com
-----Original Message-----
From: Neill Lima [mailto:neill.l...@visual-meta.com]
Sent: Friday, May 15, 2015 7:15 AM
To: Tomcat Users List
Subject: Re: CVE-2015-0204 - FREAK vulnerability on tomcat 7.
We would love to help but without the bare minimum description we are unable to
do so.
Sorry!
On Fri, May 15, 2015 at 2:10 PM, Penubothu, Srinivasa M <srinivasa.penubo...@bankofamerica.com> wrote:
Hello, I am looking for help with fixing the FREAK vulnerability on Tomcat 7.
I am unable to find a solution for Tomcat. Any help would be much
appreciated.
Regards
Srinivasa(Vasu) Penubothu
----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s)
only, may contain information that is privileged, confidential and/or
proprietary and subject to important terms and conditions available at
http://www.bankofamerica.com/emaildisclaimer. If you are not the
intended recipient, please delete this message.
----------------------------------------------------------------------