-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
Great catch to all who were involved in discovery and mitigation of this
vulnerability.
Since the APR flavor of this vulnerability uses native code to crash the
JVM and/or read files without asking the SecurityManager for permission,
does that m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2011-2526: Apache Tomcat Information disclosure and availability
vulnerabilities
Severity: low
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 7.0.0 to 7.0.18
Tomcat 6.0.0 to 6.0.32
Tomcat 5.5.0 to 5.0.33
Previous