Martin,

On 10/1/19 10:35, Martin Cocaro wrote:
> Apache Tomcat Users Team,
>
> The purpose of this email is to request information regarding
> Apache Tomcat CVE-2018-8037
> <https://www.securityfocus.com/bid/104894/info> possibly affecting
> version 8.0.X (particularly 8.0.53). The CVE was made public on
> 22-July-2018, after being privately disclosed on 16-Jun-2018. The
> EOL date of Tomcat 8.0.X was 30-Jun-2018.
>
> Reaching out to you to get confirmation on whether the CVE is
> confirmed to not affect the version 8.0.X or if the CVE was not
> tested against such version at all as its EOL date preceded the
> public disclosure.
>
> Your help on this matter would be greatly appreciated.

That source you are reading (securityfocus) lists all of the vulnerable versions. If you look at the Mitre report, you'll see the same thing, except that they provide a *range* of versions instead of just the individual ones affected.

No Tomcat 8.0.x versions appear in the list. I haven't personally tested Tomcat 8.0.x against any proof-of-concept code, but I do not believe it is/was vulnerable to this CVE.

-chris
