This is what I read, now in the solution tab, it says to remove the examples folder,but we are shipping the tomcat with our product, can we remove the example folder and ship with our product.If not, any other workaround/solution.Stoplisted Vulnerabilities for this Host: 2 Vulnerability12085Apache Tomcat Servlet / JSP Container Default FilesLow Risk DescriptionThis system is running an Apache Tomcat servlet/JSP container with default files (such as documentation, default Servlets and JSPs) installed. These files may help an attacker to guess the exact version of the Apache Tomcat which is running on this host and may provide other useful information. SolutionRemove default files, example JSPs and Servlets from the Tomcat Servlet/JSP container. CategoryHosting or infrastructure flaw.CVE ReferenceCVE-MAP-NOMATCHCVSS2 .0 (Low) (AV:N/AC:L/Au:N/C:N/I:N/A:N)First Found13 March 2011Port443/tcpLast 6 Months Stopped*By:* joe.blo...@technicians.com *From:* 12 March 2003 *To:* 12 March 2014 ReasonYour Company accepts the risk that this vulnerability poses.
On Tue, Mar 27, 2012 at 7:50 PM, Mark Thomas <ma...@apache.org> wrote: > > > Geet Chandra <gee...@gmail.com> wrote: > > >I found this information here > > > http://www.westpoint.ltd.uk/example-reports/samplereport_westpoint/files/detail_493213.htm > > > > > >I don't see anything about affected versions. > > Then try reading a proper vulnerability report rather than the output of a > vulnerability scanner. Or, as I said before, look at the Tomcat security > pages. > > You have been given all the information you need (and more) to answer this > question. > > Mark > > > > > >-Geet > > > >On Tue, Mar 27, 2012 at 7:20 PM, Mark Thomas <ma...@apache.org> wrote: > > > >> On 27/03/2012 14:38, Geet Chandra wrote: > >> > Using Tomcat version 6.0.35 > >> > >> In which case go back and read the vulnerability information again > >and > >> pay more attention to the part about affected versions. > >> > >> You should also read the Tomcat security pages. > >> > >> Mark > >> > >> > >> > > >> > -Geet > >> > > >> > On Tue, Mar 27, 2012 at 7:02 PM, Mark Thomas <ma...@apache.org> > >wrote: > >> > > >> >> On 27/03/2012 14:29, Geet Chandra wrote: > >> >>> Here is the CVE Reference:CVE-2002-2006 > >> >> > >> >> And the Tomcat version you are using? > >> >> > >> >> Mark > >> >> > >> >>> > >> >>> On Tue, Mar 27, 2012 at 6:51 PM, Mark Thomas <ma...@apache.org> > >wrote: > >> >>> > >> >>>> On 27/03/2012 14:18, Geet Chandra wrote: > >> >>>>> Hi All, > >> >>>>> > >> >>>>> Is there any solution or workaround for protection against this > >> >> security > >> >>>>> vulnerability. > >> >>>> > >> >>>> What security vulnerability is this? Every published Tomcat > >security > >> >>>> vulnerability has a CVE reference to uniquely identify it. What > >is the > >> >>>> CVE reference for this issue? > >> >>>> > >> >>>> Mark > >> >>>> > >> >>>> > >--------------------------------------------------------------------- > >> >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> >>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >> >>>> > >> >>>> > >> >>> > >> >>> > >> >> > >> >> > >> >> > >--------------------------------------------------------------------- > >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> >> > >> >> > >> > > >> > > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > >-- > >Thanks & Regards > >Geet > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Thanks & Regards Geet
