So, since we are using Tomcat as a standalone then this would apply, right?
Thanks, Laura Rui Monteiro wrote: > And just in case! It desn't seem to apply in case you don't have > Apache Server + Apache Tomcat through connector. > > -------- Mensaje original -------- > > Supposing the security vulnerability to be true as it seems (but i > didn't check) means first of all that if you don't have the Tomcat > Manager Aplication working and you don't have more than one web > aplication or at least you don't have any other application proxified > then you don't have to worry. > > Anyway you can run tomcat 5.5 with java 1.4 but it needs configuration. > > Hope it helps. > > Laura McCord escribió: >> I currently have Tomcat 5.0.28 installed and we received a security >> vulnerability notice pertaining to a "Apache Tomcat Directory >> Traversal". >> http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html >> >> We were thinking about upgrading to version 5.5.23 but is it true that >> we would have to upgrade our java installation from 1.4 to java 5? >> >> Also, if anyone is familiar with this security vulnerability can you >> please explain what this means? >> >> Thanks. >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]