2011/9/21 BARRON, HAROLD H CTR DISA EE <harold.barron....@disa.mil>: > > Apache Tomcat AJP Protocol Security Bypass and Information Disclosure > Vulnerability - (CVE-2011-3190): >
1. Mitigation options are listed here: http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html Both 5.5 and 6.0 have a connector implementation that is not vulnerable to this issue 2. 5.5.34 binaries are already available for testing and have good chances to be officially released in the following days. 6.0.34 release plans have not been discussed (with 6.0.33 being released not so long ago). Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
