Subject: Re: Tomcat 5.5.23 Question
Laura McCord wrote:
I currently have Tomcat 5.0.28 installed and we received a security
vulnerability notice pertaining to a Apache Tomcat Directory
Traversal.
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html
We were thinking about
James Reinertson wrote:
It was my understanding that Tomcat 5.5 could be configured to use JRE
1.4 and that it had no need for an external JDK compiler.
This is correct. A 1.4 JRE works just as well as a 1.4 JDK.
Mark
-
To
?
-Original Message-
From: Mark Thomas [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 11, 2007 5:00 PM
To: Tomcat Users List
Subject: Re: Tomcat 5.5.23 Question
James Reinertson wrote:
It was my understanding that Tomcat 5.5 could be configured to use JRE
1.4 and that it had no need
On 4/11/07, James Reinertson [EMAIL PROTECTED] wrote:
All right. So then I have two questions.
1. Is it possible to have two JRE versions (1.4.x and 1.6.x) installed
on the system running Tomcat 5.5 and set Tomcat to use JRE 1.4?
Of course. $JAVA_HOME, $JRE_HOME - set them as you like.
2.
Supposing the security vulnerability to be true as it seems (but i
didn't check) means first of all that if you don't have the Tomcat
Manager Aplication working and you don't have more than one web
aplication or at least you don't have any other application proxified
then you don't have to
And just in case! It desn't seem to apply in case you don't have Apache
Server + Apache Tomcat through connector.
Mensaje original
Supposing the security vulnerability to be true as it seems (but i
didn't check) means first of all that if you don't have the Tomcat
Manager
You may want to double-check with the people who wrote the report,
just to be sure.
I have a small site hosted on Tomcat 5.5.9 and I think the host
provider is using Apache connector --- my site often crashes and shuts
down and I sometimes see the directory structure. But it might not be
because
I have multiple installations of Tomcat on various servers. One in
particular is our portal server that does not have the tomcat manager
accessible so it should be fine. However, we do have another
installation on a different server that an administrator uses to
upload/modify existing web
Laura,
It's true that there's a problem with double negative phrases.
So to be more explict. As far as I can read from the report you showed
the problem WOULD NOT EXIST ON STANDALONE TOMCAT.
You can go without upgrade at least on basis of this specific security hole.
Laura McCord escribió:
oh ok.
thanks ;)
Rui Monteiro wrote:
Laura,
It's true that there's a problem with double negative phrases.
So to be more explict. As far as I can read from the report you showed
the problem WOULD NOT EXIST ON STANDALONE TOMCAT.
You can go without upgrade at least on basis of this
10 matches
Mail list logo
