oh ok. thanks ;)
Rui Monteiro wrote: > > > Laura, > > It's true that there's a problem with double negative phrases. > So to be more explict. As far as I can read from the report you showed > the problem WOULD NOT EXIST ON STANDALONE TOMCAT. > You can go without upgrade at least on basis of this specific security > hole. > > > Laura McCord escribió: >> So, since we are using Tomcat as a standalone then this would apply, >> right? >> >> Thanks, >> Laura >> >> >> >> Rui Monteiro wrote: >> >>> And just in case! It desn't seem to apply in case you don't have >>> Apache Server + Apache Tomcat through connector. >>> >>> -------- Mensaje original -------- >>> >>> Supposing the security vulnerability to be true as it seems (but i >>> didn't check) means first of all that if you don't have the Tomcat >>> Manager Aplication working and you don't have more than one web >>> aplication or at least you don't have any other application proxified >>> then you don't have to worry. >>> >>> Anyway you can run tomcat 5.5 with java 1.4 but it needs configuration. >>> >>> Hope it helps. >>> >>> Laura McCord escribió: >>> >>>> I currently have Tomcat 5.0.28 installed and we received a security >>>> vulnerability notice pertaining to a "Apache Tomcat Directory >>>> Traversal". >>>> http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0167.html >>>> >>>> >>>> We were thinking about upgrading to version 5.5.23 but is it true that >>>> we would have to upgrade our java installation from 1.4 to java 5? >>>> >>>> Also, if anyone is familiar with this security vulnerability can you >>>> please explain what this means? >>>> >>>> Thanks. >>>> >>>> --------------------------------------------------------------------- >>>> To start a new topic, e-mail: users@tomcat.apache.org >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>>> >>>> >>> >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> >> > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]