Hi All, We have multiple vulnerabilities in our environment ( AIX ) which are related to Apache, Apache Tomcat and Apache HTTP.
Please let me know if there is a link to documentation which we can use to patch these vulnerabilities. AIX OS version : 6100-09-05-1524 Note: These vulnerabilities are identified in a single server. So, please let me know if installing a highest version of the patch can resolve all the vulnerabilities or suggest alternatives for the same. Any help would be appreciated. Vulnerability details: Vendor ID Impacted issue Apache Tomcat Apache Tomcat Arbitrary File Upload Vulnerability Apache 2.2.15 Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities Apache httpd 2.2.22 Apache HTTP Server Multiple Denial of Service Vulnerabilities Apache Apache HTTP Server multiple vulnerabilities Apache Apache HTTP Server Prior to 2.2.23 Multiple Vulnerabilities Apache HTTP Server 2.2 Vulnerabilities Apache HTTP Server mod_deflate Denial of Service Vulnerability Apache httpd 2.2 Vulnerabilities,Apache httpd 2.4 Vulnerabilities Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities Apache Tomcat Apache Tomcat Information Disclosure and Denial of Service Vulnerability Tomcat 6.0,Tomcat 7.0,Tomcat 8.0 Apache Tomcat Multiple Vulnerabilities Tomcat 6.0,Tomcat 7.0,Tomcat 8.0 Apache Tomcat Multiple Vulnerabilities Apache SVN Apache Commons FileUpload Content Type Denial of Service Vulnerability Tomcat 7.0.40 Apache Tomcat AsyncListener Method RuntimeException Vulnerability Apache 2.2.25 Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities Tomcat 7.0.28,Tomcat 6.0.36 Apache Tomcat Denial of Service Vulnerabilities Tomcat 6.0.36,Tomcat 7.0.32 Apache Tomcat CSRF Prevention Filter Bypass Tomcat 7.0.30,Tomcat 6.0.37 Apache Tomcat Chunked Transfer Encoding Denial of Service Vulnerability Tomcat 6.0.37,Tomcat 7.0.33 Apache Tomcat FormAuthenticator Session Hijacking Weakness Apache2.2.19,Apache HTTP Server 2.0 Vulnerabilities Apache HTTP Server APR "apr_fnmatch()" Denial of Service Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Revision 772997,RHSA-2009-1075<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache HTTP Server AllowOverride Options Security Bypass<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat 7.0.22,Apache Tomcat 6.0.35<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat Hash Collision Denial of Service Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Tomcat 5.5.34,Tomcat 7.0.21,Tomcat 6.0.35<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat AJP Protocol Security Bypass Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache 2.2,IBM HTTP Server<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Tomcat 6.0,Tomcat 7.0,Tomcat 8.0<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat Multiple Vulnerabilities<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Tomcat 6.0,Tomcat 7.0,Tomcat 8.0<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat Input Validation Security Bypass Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Tomcat 6.0.36,Tomcat 7.0.30<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat Security Constraints Bypass<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat 7.0.22<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat Manager Application Servlets Security Bypass Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache HTTP Server 2.2<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat 7.0.14<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity> Apache Tomcat "@ServletSecurity<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>" Annotation Security Bypass Vulnerability Tomcat 7,Tomcat 6,Tomcat 5 Apache Tomcat MemoryUserDatabase Password Disclosure Vulnerability Regards, Hariprasad Satyamurty Global Infrastructure Services | Manulife Asia Email : hariprasad_satyamur...@manulife.com<mailto:hariprasad_satyamur...@manulife.com> STATEMENT OF CONFIDENTIALITY The information contained in this email message and any attachments may be confidential and legally privileged and is intended for the use of the addressee(s) only. If you are not an intended recipient, please: (1) notify me immediately by replying to this message; (2) do not use, disseminate, distribute or reproduce any part of the message or any attachment; and (3) destroy all copies of this message and any attachments.