> From: Aditi Sinha [mailto:[email protected]] > Subject: Need info on CVE-2014-0050
> We are using Tomcat 7.0.40 as web server. > How can we confirm if our application is vulnerable or not to CVE-2014-0050? Read the relevant security pages: http://tomcat.apache.org/security-7.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 Are you using Apache Commons FileUpload or a variant thereof? If not, then CVE-2014-0050 doesn't apply. If you are using FileUpload directly, rebuild your webapp with the newer version. If you're using Tomcat's implementation of FileUpload, you should upgrade to 7.0.52 or newer. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
