Re: FW: Apache Vulnerability - Understanding Connector Protocols

Christopher Schultz Thu, 01 Aug 2019 16:40:39 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Michael,


On 8/1/19 15:21, Michael Osipov wrote:
> Am 2019-08-01 um 21:19 schrieb Mark Thomas:
>> On 01/08/2019 20:07, Justiniano, Tony wrote:
>>> And that is what I was thinking, inadvertently, our scanning
>>> tool just found the apache version during a scan and
>>> corresponded it (the apache version) with a CVE.
>>> 
>>> Do you concur?
>> 
>> Sounds likely. Most low quality scanning tools only look at the
>> version number.
> 
> I was told the same security by obscurity nonsense by our ISEC
> team.

The OP should just set their reported version number to Tomcat 4.3 and
let it completely freak out.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1DeFsACgkQHPApP6U8
pFixVBAAtRtkVQipOISzRnd7eFUpKTgpZeENUvbJlCSrgiKu66IJx+1WDdO81zmj
mAk+F2syOoZgThiB5icu6gISwcpJm4yWWQOb+QileSQtjvkhdgueiv1Hwla74fm3
jz/FtFc+6xiYGSG07/O9RgJASeM7Dabo+UB7KCXrDpL2WxDw1hU8kWUYIpnR16Ub
1DlXtOcIlnFe5FLld4WR8VHO6kAjNJd25EvYNqpEOfkG2WpJwkhGsMyDHcom40AF
H5b7nrtpAVi1kaiyWcGVGpyFqUjZfdXYHM9bDDn1dsAkMBiYNDg8tlMT8JtkzZK9
ULKBwnEJdeKJ6PvVfSDpsRYkSCqVJJXS/5X5Wx41VhbrHxKvnywimHNNxB3bQbAn
LW1rvsP1aD1GaDzBwP2DoUKVUeMqhnVGwM75/Dyi7UjVu79xhoQpnR5aNmtB+k5/
Kasib1LdFvNpZTs/1UgoG/JjVOd6j8nDe0U44cC23eSYBnq8bsGuaCUmSgsNOvOF
ykA/0cMoGNFw481GZhgggOfAA+l+4m+x8CDQrawlq5d5Hx/6dBDGSjUqo0XWSg0J
zJmJxPVj0024aD0Lt+ZO3U9Z0qIQ8doc0AkKO6t5wFJGAWTccDMsQAQV4UejRBDt
dXpJdvqmZ28yxoOK2PNs8Swo1dg1iFF1xgqtu254nWqlU3/3xV8=
=z4EQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: FW: Apache Vulnerability - Understanding Connector Protocols

Reply via email to