-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pid,
On 12/7/2009 5:23 AM, Pid wrote: > On 07/12/2009 04:53, Saw Chee Hong wrote: >> Currently mytomcat version was 5.0.27. I have check the >> ‘tomcat-users.xml’ file and it doesn’t consist the ‘admin’ user in >> the file. > > Then you are not at risk from *this particular* issue. +1 >> Does this mean that my tomcat is safe? > > No idea. That's too open ended a question - we can't tell what else > you've done to it. +1 Please note that Tomcat 5.0 is no longer supported. There could be unpatched security vulnerabilities in your version that will /never be fixed/ due to its "unsupported" status. You should upgrade to Tomcat 6.0 at your earliest convenience. ... and make sure you re-check the tomcat-users.xml file. Better yet, delete it and don't use it ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksedQ4ACgkQ9CaO5/Lv0PAjnACffIS/MQbAbHuLrelAsQgPC7eI ZIIAoIQhj1ymXRINljjQIUU9GsWW56Ja =NKvu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
