Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 6/25/15 8:32 AM, André Warnier wrote: > Lynch, Charles [USA] wrote: >> You are saying a malicious actor would need to be on the server >> itself to load an application? >> > > Basically yes, or be allowed to load and deploy applications

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
be informed, isn't it ?) From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 8:32 AM To: Tomcat Users List Subject: Re: [External] Re: CVE-2014-7810 Mitigation Lynch, Charles [USA] wrote: You are saying a malicious actor would need to be o

RE: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
] Re: CVE-2014-7810 Mitigation Lynch, Charles [USA] wrote: > You are saying a malicious actor would need to be on the server itself to > load an application? > Basically yes, or be allowed to load and deploy applications via the Manager application (which is either not installed,

Re: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
clear in the mail archive article I quoted below, which is signed by one of the core Tomcat developers. From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 7:55 AM To: Tomcat Users List Subject: [External] Re: CVE-2014-7810 Mitigation Lynch

RE: [External] Re: CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
You are saying a malicious actor would need to be on the server itself to load an application? From: André Warnier [a...@ice-sa.com] Sent: Thursday, June 25, 2015 7:55 AM To: Tomcat Users List Subject: [External] Re: CVE-2014-7810 Mitigation Lynch, Charles [USA

Re: CVE-2014-7810 Mitigation

2015-06-25 Thread André Warnier
Lynch, Charles [USA] wrote: Seeking guidance on mitigation of CVE-2014-7810 on Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment, and we need to secure our install via other means until the patch ca

CVE-2014-7810 Mitigation

2015-06-25 Thread Lynch, Charles [USA]
Seeking guidance on mitigation of CVE-2014-7810 on Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment, and we need to secure our install via other means until the patch can be applied. If there are an