Lynch, Charles [USA] wrote:
Seeking guidance on mitigation of
CVE-2014-7810<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810> on
Apache Tomcat 6.0.37. Upgrading to 6.0.43 is not an option for my team at the moment,
and we need to secure our install via other means until the patch can be applied. If
there are any workarounds that can be provided it would be much appreciated. Thank you.

Hi.
Maybe the first thing to ask yourself is if you are in a situation where you are really
vulnerable to this vulnerability.
I am not an expert, but from the description, it sounds like this vulnerability could only
be exploited by someone who has the possibility to load a malicious web application into
the Tomcat system, and have it be run.
Is that your case?
See
http://mail-archives.apache.org/mod_mbox/www-announce/201505.mbox/%3c5554ab1c.7050...@apache.org%3E