-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bruce,
On 9/28/2011 1:44 PM, Wilde, Bruce R. wrote: > So, what are security minded system administrators to do about > mitigating CVE-2011-3190 against V6.0.33? This is the option I chose: > (c) Configure both Tomcat and the reverse proxy to use a shared > secret. You could also switch to the non-APR connector: > (d) Use the org.apache.jk.server.JkCoyoteHandler (BIO) AJP > connector implementation. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6DmdEACgkQ9CaO5/Lv0PBNCwCfWGvziAArTZL/sEjSxLgYyxeE esYAoJV+m2dSYqJCubcpgsG0XLA/1Ibw =yuL8 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
