Tadelkar, Gauravsagar (Gaurav) wrote: > I have a tomcat at version 5.5.15 in a standalone mode and due to some > compulsions cannot upgrade it. Does the directory traversal > vulnerability affect tomcat in a standalone mode (the 5.5.15 ver does > not have a fix to this vulnerability)?
No it doesn't. However, there are plenty of other vulnerabilities (eg CVE-2008-5515) that do. > Alternately, is there a way I can secure/work around this vulnerability > without upgrading? You'd have to look at each vulnerability on a case by case basis. Upgrading to 5.5.28 is likely to be less painful than any of the alternatives. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
