On 15/11/2017 19:05, Jason Liebig wrote: > Hello, We are running Tomcat version 8.0.33 and we see numerous > vulnerabilities from a scan of our companies MSI files related to > vulnerabilities in Tomcat 8.0.33. We have found CVE's such as > CVE-2016-3092 and CVE-2016-1240 we are trying to find out if Windows > Server is affected or if these are exclusive to Linux. Can you > confirm or point me in the direction of documentation that could help > us identify if certain CVE's are affecting Windows 2016? Thanks.
https://tomcat.apache.org/security-8.html CVE-2016-3092 - Windows is affected. CVE-2016-1240 - This was a vulnerability in a subset of Linux distributions. Windows was not affected. Nor was any distribution obtained directly from the ASF. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
