Yes. Thanks & regards, Wilson Fu Tel: 3182 6675
ww...@ogcio.gov.hk 26.10.2010 10:42 Please respond to "Tomcat Users List" <users@tomcat.apache.org> To users@tomcat.apache.org cc Subject Help on upgrade tomcat bundled with JBoss for resolving tomcat security issue -[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability Dear Sir/Madam, Recently it has been checked that there is security vulnerability for the tomcat (version 5.0.9) shipped with the JBoss 4.0.3SP1. >From the link below, it is recommended to upgrade to 5.5.28. http://marc.info/?l=tomcat-user&m=124449799021571&w=2 We have tried to upgrade the some tomcat library for version 5.5.31 by following with the steps we found in the web in http://itapproaches.blogspot.com/2010/08/upgrading-tomcat-in-jboss-405.html Yet we have encountered the exception (as attached for your reference). Should we upgrade the tomcat only, without upgrading the JBoss AS? We would much appreciate it if you could advise you how we could resolve the situation, so as to address the security vulnerability at your earliest convenience. Thanks for your effort in advance. Again, here is our configuration: JBoss 4.0.3SP1 Tomcat 5.5.9 Many thanks! Wilson Fu [attachment "error.txt" deleted by Wilson WT FU/OGCIO/HKSARG] --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
