On 27/02/2014 12:49, Christian Rustøen wrote: > Hi > > Based on the apache security reports i dont see any mention of these CVEs b= > eing fixed in tomcat, and as they have a very high score i would like to kn= > ow if they have been fixed. > These are almost 3-4 years old but as i dont see any mention on them in the= > security reports i would still like to know as im planning to use this con= > tainer in an environment where security is very important. > > CVE-2011-1571
The above issue is a Liferay vulnerability, not an Apache Tomcat vulnerability. > CVE-2010-0557 The above issue is a IBM Cognos Express vulnerability, not an Apache Tomcat vulnerability. Since neither of the above issues is a vulnerability in Apache Tomcat you won't find any information on these vulnerabilities at the ASF. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
