Tomcat 5.5.24 is expected to be released in a few days.
The vulnerability you cited should be rated low impact for most people.
There is a similar open issue; both are briefly described on the page
http://tomcat.apache.org/security-5.html
Both issues only affect the example webapps (which you would never
deploy in production, if you are security aware) and the manager
webapp, which will only be used by system administration people.
Regards,
Rainer
Cherie Barnes wrote:
Are there any patches available for the Apache Tomcat Application Server
(downloaded from tomcat.apache.org)? I recently upgraded to 5.5.23 and
find that there is a security flaw (CVE-2007-2450
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450>) that
needs to be fixed. I really don't want to have to re-install every time
a security flaw is found. Are there any patches that can be applied to
comply with the security vulnerabilities? I do not have a Solaris 10
build environment yet so I can't rebuild the server either. I tried
asking the [EMAIL PROTECTED], but they told me I had to ask the
user group. Please let me know if there is a place where tomcat apache
patches can be found for Solaris 10.
Thanks in advance,
Cherie