You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jayant Sane <ja...@hotmail.com> on 2012/03/08 22:49:18 UTC
Question about a known security vulnerability
Hello,
This is in regard to the security vulnerability "Tomcat WAR Deployment Directory Traversal Flaw May Cause Files to Be Deleted" as detailed in http://securitytracker.com/id/1023504
Per the above, versions 5.5.0-5.5.28, 6.0.0-6.0.20 and possibly earlier versions were affected.
Question: Does this affect version 7.0.23 and/or has it been confirmed fixed for v7.0.23?
The website security test tool we use reports this issue being present even in Tomcat version 7.0.23 so wanted to know. I
I was told that I cannot post this question to the email address meant for reporting undisclosed security vulnerabilities and I understand.
thanks in advance,Jayant
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Question about a known security vulnerability
Posted by Pid <pi...@pidster.com>.
On 08/03/2012 21:49, Jayant Sane wrote:
>
> Hello,
>
> This is in regard to the security vulnerability "Tomcat WAR Deployment Directory Traversal Flaw May Cause Files to Be Deleted" as detailed in http://securitytracker.com/id/1023504
> Per the above, versions 5.5.0-5.5.28, 6.0.0-6.0.20 and possibly earlier versions were affected.
> Question: Does this affect version 7.0.23 and/or has it been confirmed fixed for v7.0.23?
>
> The website security test tool we use reports this issue being present even in Tomcat version 7.0.23 so wanted to know. I
Is the tool saying that the issue has been detected in 7.0.23 upwards,
or that it was fixed in 7.0.24?
p
> I was told that I cannot post this question to the email address meant for reporting undisclosed security vulnerabilities and I understand.
> thanks in advance,Jayant
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
--
[key:62590808]