You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com.INVALID> on 2022/08/05 22:37:22 UTC
TCP timestamp vulnerability -- any insights on how this relates to Tomcat?
Today is the first time I heard of such a thing as a "TCP timestamp
vulnerability." It seems a bit overblown to me, especially for a Tomcat
server running on an AS/400.
Can anybody share any insights about how this vulnerability relates to
Tomcat?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: TCP timestamp vulnerability -- any insights on how this relates to Tomcat?
Posted by Mark Thomas <ma...@apache.org>.
5 Aug 2022 23:37:22 James H. H. Lampert
<ja...@touchtonecorp.com.INVALID>:
> Today is the first time I heard of such a thing as a "TCP timestamp
> vulnerability." It seems a bit overblown to me, especially for a Tomcat
> server running on an AS/400.
>
> Can anybody share any insights about how this vulnerability relates to
> Tomcat?
It doesn't.
This is a a network be stack/ OS issue.
The attacks I could find related to the issue were all information
disclosure style issue that could help target other attacks.
I'd make sure the OS was kept fully patched and not worry about this
issue.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org