You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com.INVALID> on 2022/08/05 22:37:22 UTC

TCP timestamp vulnerability -- any insights on how this relates to Tomcat?

Today is the first time I heard of such a thing as a "TCP timestamp 
vulnerability." It seems a bit overblown to me, especially for a Tomcat 
server running on an AS/400.

Can anybody share any insights about how this vulnerability relates to 
Tomcat?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: TCP timestamp vulnerability -- any insights on how this relates to Tomcat?

Posted by Mark Thomas <ma...@apache.org>.

5 Aug 2022 23:37:22 James H. H. Lampert 
<ja...@touchtonecorp.com.INVALID>:

> Today is the first time I heard of such a thing as a "TCP timestamp 
> vulnerability." It seems a bit overblown to me, especially for a Tomcat 
> server running on an AS/400.
>
> Can anybody share any insights about how this vulnerability relates to 
> Tomcat?

It doesn't.

This is a a network be stack/ OS issue.

The attacks I could find related to the issue were all information 
disclosure style issue that could help target other attacks.

I'd make sure the OS was kept fully patched and not worry about this 
issue.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org