Re: [Fwd: Re: Tomcat 5.5.23 Question]

Tue, 10 Apr 2007 14:03:36 -0700 


Laura,

It's true that there's a problem with double negative phrases.

So to be more explict. As far as I can read from the report you showed 
the problem WOULD NOT EXIST ON STANDALONE TOMCAT.

You can go without upgrade at least on basis of this specific security hole.


Laura McCord escribió:

So, since we are using Tomcat as a standalone then this would apply, right?

Thanks,
 Laura



Rui Monteiro wrote:

  

And just in case! It desn't seem to apply in case you don't have
Apache Server + Apache Tomcat through connector.

-------- Mensaje original --------

Supposing the security vulnerability to be true as it seems (but i
didn't check) means first of all that if you don't have the Tomcat
Manager Aplication working and you don't have more than one web
aplication or at least you don't have any other application proxified
then you don't have to worry.

Anyway you can run tomcat 5.5 with java 1.4 but it needs configuration.

Hope it helps.

Laura McCord escribió:

    

I currently have Tomcat 5.0.28 installed and we received a security
vulnerability notice pertaining to a "Apache Tomcat Directory
Traversal".
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html

We were thinking about upgrading to version 5.5.23 but is it true that
we would have to upgrade our java installation from 1.4 to java 5?

Also, if anyone is familiar with this security vulnerability can you
please explain what this means?

Thanks.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




  
      

    


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




  



--


--



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to