On 22 Sep 2011, at 14:21, "BARRON, HAROLD H CTR DISA EE" <harold.barron....@disa.mil> wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Thanks....it's kind of hard to understand how to implement this workaround
> but I will look into it.

Do you use HTTPD with mod_jk or mod_proxy_ajp in front of Tomcat?

What is hard to understand, maybe we can help... ?

p

> Appreciate the response.
>
> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Sent: Wednesday, September 21, 2011 7:02 PM
> To: Tomcat Users List
> Subject: Re: Apache Tomcat 5.5.34 Question (UNCLASSIFIED)
>
> 2011/9/21 BARRON, HAROLD H CTR DISA EE <harold.barron....@disa.mil>:
>>
>> Apache Tomcat AJP Protocol Security Bypass and Information Disclosure
>> Vulnerability - (CVE-2011-3190):
>>
>
> 1. Mitigation options are listed here:
> http://tomcat.apache.org/security-5.html
> http://tomcat.apache.org/security-6.html
>
> Both 5.5 and 6.0 have a connector implementation that is not
> vulnerable to this issue
>
> 2. 5.5.34 binaries are already available for testing and have good
> chances to be officially released in the following days. 6.0.34
> release plans have not been discussed (with 6.0.33 being released not
> so long ago).
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>