You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by shishir patil <sh...@yahoo.com> on 2007/03/08 22:59:25 UTC

Standalone Tomcat - Does vulnerability CVE-2007-0774 apply?

Hi,
  I have standalone Tomcat version 5.5 running on my production machine (Windows 2003 server). I think in this case vulnerability CVE-2007-0774 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0774)  does not apply as there is no other Webserver (apache etc.) to which tomcat talks to. So there is no connector. But I read on the web that, tomcat comes with default connector to serve Static content. I am not sure which connector it is. 
   
  But this vulnerability is about mod_jk, which is not in tomcat but is part of apache. So I still think I do need to take care of this vulnerability. But would like to confirm with you before informing my team.
   
  thanks,
  shishir

 
---------------------------------
Don't be flakey. Get Yahoo! Mail for Mobile and 
always stay connected to friends.

Re: Standalone Tomcat - Does vulnerability CVE-2007-0774 apply?

Posted by Mark Thomas <ma...@apache.org>.

No.

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org