The version of Apache that is shown in JIRA is Apache Tomcat/6.0.20, I was told that this update was needed from foundstone after a recent scan was done. This is a 32-bit VM. Here are some the vulnarabilites that we found, but most of the problems found tell us the same thing of how to fix them which is to go to the next upgrade/update of Apache.
Apache Tomcat WAR Deployment Directory Traversal Vulnerability The vendor has made an updated version available for remediation: http://svn.apache.org/viewvc?view=revision&revision=902650 For Apache Tomcat 5.5.x, upgrade to 5.5.29 or later. For Apache Tomcat 6.0.x, upgrade to 6.0.24 or later. Apache Tomcat Failed Deployment Information Disclosure Vulnerability The vendor has made an updated version available for remediation. For Apache Tomcat 5.5.x, upgrade to 5.5.29 or later. For Apache Tomcat 6.0.x, upgrade to 6.0.24 or later. Apache Tomcat WAR File Names Directory Traversal Vulnerability The vendor has made an updated version available for remediation. For Apache Tomcat 5.5.x, upgrade to 5.5.29 or later. For Apache Tomcat 6.0.x, upgrade to 6.0.24 or later. Apache Tomcat NIO Connector Denial Of Service The vendor has released an update to address the issue: http://tomcat.apache.org/security-7.html Anthony Palmer Business Information Solutions ETL Data Warehouse Analyst LM Aeronautics IS&t - Marietta Phone: 770-494-1031 Email: anthony.pal...@lmco.com<mailto:anthony.pal...@lmco.com>
