> From: Aditi Sinha [mailto:adisinha0...@gmail.com]
> Subject: Need info on CVE-2014-0050
> We are using Tomcat 7.0.40 as web server.
> How can we confirm if our application is vulnerable or not to CVE-2014-0050?
Read the relevant security pages:
http://tomcat.apache.org/security-7.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
Are you using Apache Commons FileUpload or a variant thereof? If not, then
CVE-2014-0050 doesn't apply. If you are using FileUpload directly, rebuild
your webapp with the newer version. If you're using Tomcat's implementation of
FileUpload, you should upgrade to 7.0.52 or newer.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org