Suresh,

On 5/8/13 12:11 PM, suresh babu yella wrote:
> We are using tomcat 6.0.18 and we found below number of Common
> Vulnerabilities and Exposures (CVE).
>
> High Vulns: 98
>
> Medium Vulns: 50
>
> Low Vulns: 6
>
> We cannot upgrade/patch any of those components due to
> supportability concerns from Autonomy.
>
> How can I apply a fix for all the CVE

Easy:

C:\Program Files\Apache Software Foundation\Tomcat 6.0.18> bin\shutdown.sh

Fixed.

> I see the build instructions in below link but I was looking for
> applying the fixes without upgrade.

You would have to read the entire Subversion repository history
involving Tomcat, evaluate each commit to determine its applicability to
each CVE, apply them in order, fix any conflicts, then build the
resulting source tree. Oh, and you'd then once again have an unsupported
version of Tomcat (unsupported by both the ASF and Autonomy).

Tomcat does not provide patches for CVEs: instead, the Tomcat team
provides whole new versions that include (alleged) fixes for those CVEs.

It's time to upgrade: you are hideously out of date. If Autonomy won't
support running on a properly-patched version of Tomcat, then you
shouldn't be running their software.

-chris