Owen, Scott A CTR IT/IM Bldg1490: > I am currently running Tomcat 5.5.27 on a Windows 2003 server for the > application Business Objects Enterprise XI R2. > > I have been notified by my IA department of an IAVA that has been > identified and needs immediate action. > > The IAVM is 2009-B-0026_0028 and references the following CVE > vulnerabilities: > > CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 > > > I have searched the Apache Tomcat site for any assistance, and the > only thing I am able to find references a fix in Tomcat 5.5.SVN. > However, I am unable to find this package to install on my server to > resolve these vulnerabilities.
This is not a "package" you can install but (probably) refers to the current state of development, where those vulnerabilities are already fixed. > Can somebody point me in the right direction on implement this fix to > make my system compliant with this identified IAVA? Look at the corresponding announcements here: http://mail-archives.apache.org/mod_mbox/tomcat-announce/ For CVE-2009-0781 see: http://mail-archives.apache.org/mod_mbox/tomcat-dev/200903.mbox/%3c49b147b2.1060...@apache.org%3e But this vulnerability only effects a component of the example webapps - which shouldn't be deployed on a production server anyway. -- Regards mks --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
