Posted to users@tomcat.apache.org by "Satyamurthy, Hariprasad" <Ha...@manulife.com> on 2016/06/24 04:00:35 UTC

RE: How to patch Apache Tomcat in AIX

Hi All,

We have multiple vulnerabilities in our environment ( AIX ) which are related to Apache, Apache Tomcat and Apache HTTP.

Please let me know if there is a link to documentation which we can use to patch these vulnerabilities.

AIX OS version : 6100-09-05-1524

Note:

These vulnerabilities are identified in a single server. So, please let me know if installing a highest version of the patch can resolve all the vulnerabilities or suggest alternatives for the same.

Any help would be appreciated.

Vulnerability details:


Vendor ID

Impacted issue

Apache Tomcat

Apache Tomcat Arbitrary File Upload Vulnerability

Apache 2.2.15

Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities

Apache httpd 2.2.22

Apache HTTP Server Multiple Denial of Service Vulnerabilities

Apache

Apache HTTP Server multiple vulnerabilities

Apache

Apache HTTP Server Prior to 2.2.23 Multiple Vulnerabilities

Apache HTTP Server 2.2 Vulnerabilities

Apache HTTP Server mod_deflate Denial of Service Vulnerability

Apache httpd 2.2 Vulnerabilities,Apache httpd 2.4 Vulnerabilities

Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities

Apache Tomcat

Apache Tomcat Information Disclosure and Denial of Service Vulnerability

Tomcat 6.0,Tomcat 7.0,Tomcat 8.0

Apache Tomcat Multiple Vulnerabilities

Tomcat 6.0,Tomcat 7.0,Tomcat 8.0

Apache Tomcat Multiple Vulnerabilities

Apache SVN

Apache Commons FileUpload Content Type Denial of Service Vulnerability

Tomcat 7.0.40

Apache Tomcat AsyncListener Method RuntimeException Vulnerability

Apache 2.2.25

Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities

Tomcat 7.0.28,Tomcat 6.0.36

Apache Tomcat Denial of Service Vulnerabilities

Tomcat 6.0.36,Tomcat 7.0.32

Apache Tomcat CSRF Prevention Filter Bypass

Tomcat 7.0.30,Tomcat 6.0.37

Apache Tomcat Chunked Transfer Encoding Denial of Service Vulnerability

Tomcat 6.0.37,Tomcat 7.0.33

Apache Tomcat FormAuthenticator Session Hijacking Weakness

Apache2.2.19,Apache HTTP Server 2.0 Vulnerabilities

Apache HTTP Server APR "apr_fnmatch()" Denial of Service Vulnerability

Apache Revision 772997,RHSA-2009-1075

Apache HTTP Server AllowOverride Options Security Bypass

Apache Tomcat 7.0.22,Apache Tomcat 6.0.35

Apache Tomcat Hash Collision Denial of Service Vulnerability

Tomcat 5.5.34,Tomcat 7.0.21,Tomcat 6.0.35

Apache Tomcat AJP Protocol Security Bypass Vulnerability

Apache 2.2,IBM HTTP Server

Apache HTTP Server HttpOnly Cookie Information Disclosure Vulnerability

Tomcat 6.0,Tomcat 7.0,Tomcat 8.0

Apache Tomcat Multiple Vulnerabilities

Tomcat 6.0,Tomcat 7.0,Tomcat 8.0

Apache Tomcat Input Validation Security Bypass Vulnerability

Tomcat 6.0.36,Tomcat 7.0.30

Apache Tomcat Security Constraints Bypass

Apache Tomcat 7.0.22

Apache Tomcat Manager Application Servlets Security Bypass Vulnerability

Apache HTTP Server 2.2

Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities

Apache Tomcat 7.0.14

Apache Tomcat "@ServletSecurity" Annotation Security Bypass Vulnerability

Tomcat 7,Tomcat 6,Tomcat 5

Apache Tomcat MemoryUserDatabase Password Disclosure Vulnerability



Regards,
Hariprasad Satyamurty
Global Infrastructure Services | Manulife Asia
Email : hariprasad_satyamurthy@manulife.com



RE: How to patch Apache Tomcat in AIX

Posted by "Satyamurthy, Hariprasad" <Ha...@manulife.com>.
Thanks Ben,

Please let me know if Apache HTTP does not support patching as well.

Regards,
Hariprasad Satyamurty
Global Infrastructure Services | Manulife Asia
Email : hariprasad_satyamurthy@manulife.com

-----Original Message-----
From: Ben Stringer [mailto:ben@burbong.com]
Sent: Friday, June 24, 2016 12:32 PM
To: Tomcat Users List <us...@tomcat.apache.org>
Subject: RE: How to patch Apache Tomcat in AIX

On Fri, June 24, 2016 2:00 pm, Satyamurthy, Hariprasad wrote:
> Hi All,
>
> We have multiple vulnerabilities in our environment ( AIX ) which are
> related to Apache, Apache Tomcat and Apache HTTP.
>
> Please let me know if there is a link to documentation which we can
> use to patch these vulnerabilities.

Hi Hariprasad,

This list is for Apache Tomcat. For Apache HTTPD, refer to that product's support list.

Apache Tomcat doesn't support patching. You need to install a newer version of Apache Tomcat that resolves the issues you have listed, and migrate your apps to that version.

This page may be useful to identify which Tomcat versions resolve the issues you are concerned about. Aim to install the most recent version if you can.

http://tomcat.apache.org/security.html

Cheers, Ben


>
> AIX OS version : 6100-09-05-1524
>
> Note:
>
> These vulnerabilities are identified in a single server. So, please
> let me know if installing a highest version of the patch can resolve
> all the vulnerabilities or suggest alternatives for the same.
>
> Any help would be appreciated.
>
> Vulnerability details:
>
>
> Vendor ID
>
> Impacted issue
>
> Apache Tomcat
>
> Apache Tomcat Arbitrary File Upload Vulnerability
>
> Apache 2.2.15
>
> Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities
>
> Apache httpd 2.2.22
>
> Apache HTTP Server Multiple Denial of Service Vulnerabilities
>
> Apache
>
> Apache HTTP Server multiple vulnerabilities
>
> Apache
>
> Apache HTTP Server Prior to 2.2.23 Multiple Vulnerabilities
>
> Apache HTTP Server 2.2 Vulnerabilities
>
> Apache HTTP Server mod_deflate Denial of Service Vulnerability
>
> Apache httpd 2.2 Vulnerabilities,Apache httpd 2.4 Vulnerabilities
>
> Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities
>
> Apache Tomcat
>
> Apache Tomcat Information Disclosure and Denial of Service
> Vulnerability
>
> Tomcat 6.0,Tomcat 7.0,Tomcat 8.0
>
> Apache Tomcat Multiple Vulnerabilities
>
> Tomcat 6.0,Tomcat 7.0,Tomcat 8.0
>
> Apache Tomcat Multiple Vulnerabilities
>
> Apache SVN
>
> Apache Commons FileUpload Content Type Denial of Service Vulnerability
>
> Tomcat 7.0.40
>
> Apache Tomcat AsyncListener Method RuntimeException Vulnerability
>
> Apache 2.2.25
>
> Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities
>
> Tomcat 7.0.28,Tomcat 6.0.36
>
> Apache Tomcat Denial of Service Vulnerabilities
>
> Tomcat 6.0.36,Tomcat 7.0.32
>
> Apache Tomcat CSRF Prevention Filter Bypass
>
> Tomcat 7.0.30,Tomcat 6.0.37
>
> Apache Tomcat Chunked Transfer Encoding Denial of Service
> Vulnerability
>
> Tomcat 6.0.37,Tomcat 7.0.33
>
> Apache Tomcat FormAuthenticator Session Hijacking Weakness
>
> Apache2.2.19,Apache HTTP Server 2.0 Vulnerabilities
>
> Apache HTTP Server APR "apr_fnmatch()" Denial of Service
> Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07
> Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20A
> llowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.
> 22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Den
> ial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.2
> 1,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypa
> ss%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HT
> TP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerabi
> lity%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20M
> ultiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%
> 07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerabi
> lity%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security
> %20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomca
> t%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabili
> ty%07%07
 Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Revision
> 772997,RHSA-2009-1075<mailto:%22%20Denial%20of%20Service%20Vulnerabili
> ty%07%07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Se
> rver%20AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomca
> t%207.0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collisi
> on%20Denial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat
> %207.0.21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Securit
> y%20Bypass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apa
> che%20HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20V
> ulnerability%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20To
> mcat%20Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomca
> t%208.0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20V
> ulnerability%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20
> Security%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache
> %20Tomcat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vul
> nerabili
 ty%07%07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache HTTP Server AllowOverride Options Security
> Bypass<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat 7.0.22,Apache Tomcat
> 6.0.35<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat Hash Collision Denial of Service
> Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07
> Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20A
> llowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.
> 22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Den
> ial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.2
> 1,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypa
> ss%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HT
> TP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerabi
> lity%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20M
> ultiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%
> 07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerabi
> lity%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security
> %20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomca
> t%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabili
> ty%07%07
 Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Tomcat 5.5.34,Tomcat 7.0.21,Tomcat
> 6.0.35<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat AJP Protocol Security Bypass
> Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07
> Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20A
> llowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.
> 22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Den
> ial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.2
> 1,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypa
> ss%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HT
> TP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerabi
> lity%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20M
> ultiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%
> 07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerabi
> lity%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security
> %20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomca
> t%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabili
> ty%07%07
 Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache 2.2,IBM HTTP
> Server<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache HTTP Server HttpOnly Cookie Information Disclosure
> Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07
> Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20A
> llowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.
> 22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Den
> ial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.2
> 1,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypa
> ss%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HT
> TP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerabi
> lity%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20M
> ultiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%
> 07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerabi
> lity%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security
> %20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomca
> t%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabili
> ty%07%07
 Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Tomcat 6.0,Tomcat 7.0,Tomcat
> 8.0<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20R
> evision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverri
> de%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%
> 20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%2
> 0Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%2
> 06.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulne
> rability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Serve
> r%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07
> Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20
> Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%2
> 0Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07
> Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constra
> ints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manage
> r%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Ap
> ache%20H
 TTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat Multiple
> Vulnerabilities<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%
> 07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%2
> 0AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.
> 0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20D
> enial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0
> .21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20By
> pass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20
> HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnera
> bility%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%2
> 0Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.
> 0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnera
> bility%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Securi
> ty%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tom
> cat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabi
> lity%07%
 07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Tomcat 6.0,Tomcat 7.0,Tomcat
> 8.0<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20R
> evision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverri
> de%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%
> 20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%2
> 0Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%2
> 06.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulne
> rability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Serve
> r%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07
> Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20
> Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%2
> 0Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07
> Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constra
> ints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manage
> r%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Ap
> ache%20H
 TTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat Input Validation Security Bypass
> Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07
> Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20A
> llowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.
> 22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Den
> ial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.2
> 1,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypa
> ss%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HT
> TP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerabi
> lity%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20M
> ultiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%
> 07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerabi
> lity%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security
> %20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomca
> t%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabili
> ty%07%07
 Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Tomcat 6.0.36,Tomcat
> 7.0.30<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat Security Constraints
> Bypass<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat
> 7.0.22<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%
> 20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOve
> rride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apac
> he%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20o
> f%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomca
> t%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vu
> lnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Se
> rver%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07
> %07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple
> %20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apach
> e%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07
> %07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Cons
> traints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Man
> ager%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%0
> 7Apache%
 20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat Manager Application Servlets Security Bypass
> Vulnerability<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07
> Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20A
> llowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.
> 22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Den
> ial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.2
> 1,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypa
> ss%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HT
> TP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerabi
> lity%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20M
> ultiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%
> 07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerabi
> lity%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security
> %20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomca
> t%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabili
> ty%07%07
 Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache HTTP Server
> 2.2<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%07Apache%20R
> evision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%20AllowOverri
> de%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.0.22,Apache%
> 20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20Denial%20of%2
> 0Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0.21,Tomcat%2
> 06.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20Bypass%20Vulne
> rability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20HTTP%20Serve
> r%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnerability%07%07
> Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%20Multiple%20
> Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%2
> 0Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnerability%07%07
> Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Security%20Constra
> ints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tomcat%20Manage
> r%20Application%20Servlets%20Security%20Bypass%20Vulnerability%07%07Ap
> ache%20H
 TTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache HTTP Server APR-util Multiple Denial of Service
> Vulnerabilities<mailto:%22%20Denial%20of%20Service%20Vulnerability%07%
> 07Apache%20Revision%20772997,RHSA-2009-1075%07Apache%20HTTP%20Server%2
> 0AllowOverride%20Options%20Security%20Bypass%07%07Apache%20Tomcat%207.
> 0.22,Apache%20Tomcat%206.0.35%07Apache%20Tomcat%20Hash%20Collision%20D
> enial%20of%20Service%20Vulnerability%07%07Tomcat%205.5.34,Tomcat%207.0
> .21,Tomcat%206.0.35%07Apache%20Tomcat%20AJP%20Protocol%20Security%20By
> pass%20Vulnerability%07%07Apache%202.2,IBM%20HTTP%20Server%07Apache%20
> HTTP%20Server%20HttpOnly%20Cookie%20Information%20Disclosure%20Vulnera
> bility%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.0%07Apache%20Tomcat%2
> 0Multiple%20Vulnerabilities%07%07Tomcat%206.0,Tomcat%207.0,Tomcat%208.
> 0%07Apache%20Tomcat%20Input%20Validation%20Security%20Bypass%20Vulnera
> bility%07%07Tomcat%206.0.36,Tomcat%207.0.30%07Apache%20Tomcat%20Securi
> ty%20Constraints%20Bypass%07%07Apache%20Tomcat%207.0.22%07Apache%20Tom
> cat%20Manager%20Application%20Servlets%20Security%20Bypass%20Vulnerabi
> lity%07%
 07Apache%20HTTP%20Server%202.2%07Apache%20HTTP%20Server%20APR-util%20Multiple%20Denial%20of%20Service%20Vulnerabilities%07%07Apache%20Tomcat%207.0.14%07Apache%20Tomcat%20%22@ServletSecurity>
>
> Apache Tomcat
> 7.0.14
>
> Apache Tomcat
> "@ServletSecurity"
> Annotation Security Bypass Vulnerability
>
> Tomcat 7,Tomcat 6,Tomcat 5
>
> Apache Tomcat MemoryUserDatabase Password Disclosure Vulnerability
>
>
>
> Regards,
> Hariprasad Satyamurty
> Global Infrastructure Services | Manulife Asia Email :
> hariprasad_satyamurthy@manulife.com
>
>
> STATEMENT OF CONFIDENTIALITY The information contained in this email
> message and any attachments may be confidential and legally privileged
> and is intended for the use of the addressee(s) only. If you are not
> an intended recipient, please: (1) notify me immediately by replying
> to this message; (2) do not use, disseminate, distribute or reproduce
> any part of the message or any attachment; and (3) destroy all copies
> of this message and any attachments.
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



RE: How to patch Apache Tomcat in AIX

Posted by Ben Stringer <be...@burbong.com>.
On Fri, June 24, 2016 2:00 pm, Satyamurthy, Hariprasad wrote:
> Hi All,
>
> We have multiple vulnerabilities in our environment ( AIX ) which are
> related to Apache, Apache Tomcat and Apache HTTP.
>
> Please let me know if there is a link to documentation which we can use to
> patch these vulnerabilities.

Hi Hariprasad,

This list is for Apache Tomcat. For Apache HTTPD, refer to that product's
support list.

Apache Tomcat doesn't support patching. You need to install a newer version
of Apache Tomcat that resolves the issues you have listed, and migrate
your apps to that version.

This page may be useful to identify which Tomcat versions resolve the
issues you are concerned about. Aim to install the most recent version if
you can.

http://tomcat.apache.org/security.html

Cheers, Ben


>
> AIX OS version : 6100-09-05-1524
>
> Note:
>
> These vulnerabilities are identified in a single server. So, please let me
> know if installing a highest version of the patch can resolve all the
> vulnerabilities or suggest alternatives for the same.
>
> Any help would be appreciated.
>
> Vulnerability details:
>
>
> Vendor ID
>
> Impacted issue
>
> Apache Tomcat
>
> Apache Tomcat Arbitrary File Upload Vulnerability
>
> Apache 2.2.15
>
> Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities
>
> Apache httpd 2.2.22
>
> Apache HTTP Server Multiple Denial of Service Vulnerabilities
>
> Apache
>
> Apache HTTP Server multiple vulnerabilities
>
> Apache
>
> Apache HTTP Server Prior to 2.2.23 Multiple Vulnerabilities
>
> Apache HTTP Server 2.2 Vulnerabilities
>
> Apache HTTP Server mod_deflate Denial of Service Vulnerability
>
> Apache httpd 2.2 Vulnerabilities,Apache httpd 2.4 Vulnerabilities
>
> Apache Prior to 2.4.4 and 2.2.24 Multiple Vulnerabilities
>
> Apache Tomcat
>
> Apache Tomcat Information Disclosure and Denial of Service Vulnerability
>
> Tomcat 6.0,Tomcat 7.0,Tomcat 8.0
>
> Apache Tomcat Multiple Vulnerabilities
>
> Tomcat 6.0,Tomcat 7.0,Tomcat 8.0
>
> Apache Tomcat Multiple Vulnerabilities
>
> Apache SVN
>
> Apache Commons FileUpload Content Type Denial of Service Vulnerability
>
> Tomcat 7.0.40
>
> Apache Tomcat AsyncListener Method RuntimeException Vulnerability
>
> Apache 2.2.25
>
> Apache HTTP Server Prior to 2.2.25 Multiple Vulnerabilities
>
> Tomcat 7.0.28,Tomcat 6.0.36
>
> Apache Tomcat Denial of Service Vulnerabilities
>
> Tomcat 6.0.36,Tomcat 7.0.32
>
> Apache Tomcat CSRF Prevention Filter Bypass
>
> Tomcat 7.0.30,Tomcat 6.0.37
>
> Apache Tomcat Chunked Transfer Encoding Denial of Service Vulnerability
>
> Tomcat 6.0.37,Tomcat 7.0.33
>
> Apache Tomcat FormAuthenticator Session Hijacking Weakness
>
> Apache2.2.19,Apache HTTP Server 2.0 Vulnerabilities
>
> Apache HTTP Server APR "apr_fnmatch()" Denial of Service
> Vulnerability
>
> Apache Revision
> 772997,RHSA-2009-1075
>
> Apache HTTP Server AllowOverride Options Security
> Bypass
>
> Apache Tomcat 7.0.22,Apache Tomcat
> 6.0.35
>
> Apache Tomcat Hash Collision Denial of Service
> Vulnerability
>
> Tomcat 5.5.34,Tomcat 7.0.21,Tomcat
> 6.0.35
>
> Apache Tomcat AJP Protocol Security Bypass
> Vulnerability
>
> Apache 2.2,IBM HTTP
> Server
>
> Apache HTTP Server HttpOnly Cookie Information Disclosure
> Vulnerability
>
> Tomcat 6.0,Tomcat 7.0,Tomcat
> 8.0
>
> Apache Tomcat Multiple
> Vulnerabilities
>
> Tomcat 6.0,Tomcat 7.0,Tomcat
> 8.0
>
> Apache Tomcat Input Validation Security Bypass
> Vulnerability
>
> Tomcat 6.0.36,Tomcat
> 7.0.30
>
> Apache Tomcat Security Constraints
> Bypass
>
> Apache Tomcat
> 7.0.22
>
> Apache Tomcat Manager Application Servlets Security Bypass
> Vulnerability
>
> Apache HTTP Server
> 2.2
>
> Apache HTTP Server APR-util Multiple Denial of Service
> Vulnerabilities
>
> Apache Tomcat
> 7.0.14
>
> Apache Tomcat
> "@ServletSecurity"
> Annotation Security Bypass Vulnerability
>
> Tomcat 7,Tomcat 6,Tomcat 5
>
> Apache Tomcat MemoryUserDatabase Password Disclosure Vulnerability
>
>
>
> Regards,
> Hariprasad Satyamurty
> Global Infrastructure Services | Manulife Asia
> Email :
> hariprasad_satyamurthy@manulife.com
>
>
>
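
A sketch of the triage Ben describes, added here as an example and not part of the thread or of any Tomcat tooling: it reads the version strings from the quoted report and works out, per Tomcat branch, the highest release the report names. It assumes each three-part version in the report's first column is the release that carries the fix (as the "Prior to 2.2.15" rows suggest); the function names are made up for this example.

```python
import re

# Vendor-reference strings copied from the scanner report quoted in this thread.
VENDOR_REFS = [
    "Apache 2.2.15",
    "Tomcat 7.0.40",
    "Tomcat 7.0.28,Tomcat 6.0.36",
    "Tomcat 6.0.36,Tomcat 7.0.32",
    "Tomcat 7.0.30,Tomcat 6.0.37",
    "Tomcat 6.0.37,Tomcat 7.0.33",
    "Apache Tomcat 7.0.22,Apache Tomcat 6.0.35",
    "Tomcat 5.5.34,Tomcat 7.0.21,Tomcat 6.0.35",
    "Apache 2.2,IBM HTTP Server",
    "Tomcat 6.0,Tomcat 7.0,Tomcat 8.0",
    "Tomcat 6.0.36,Tomcat 7.0.30",
    "Apache Tomcat 7.0.22",
    "Apache Tomcat 7.0.14",
    "Tomcat 7,Tomcat 6,Tomcat 5",
]

# Matches "Tomcat 7.0.40" and "Apache Tomcat 7.0.22"; httpd and IBM HTTP
# Server entries do not match and are left to their own support channels.
TOMCAT_REF = re.compile(r"^(?:Apache\s+)?Tomcat\s+(\d+(?:\.\d+){0,2})$")


def parse_version(text):
    """'7.0.40' -> (7, 0, 40). Tuples compare numerically, so 7.0.9 < 7.0.40."""
    return tuple(int(part) for part in text.split("."))


def tomcat_floors(refs):
    """Return (floors, unresolved).

    floors maps a branch such as (7, 0) to the highest full release the
    report names for it. unresolved lists references that give only a
    branch ("Tomcat 7.0") and therefore set no floor on their own.
    """
    floors = {}
    unresolved = set()
    for field in refs:
        for item in field.split(","):
            match = TOMCAT_REF.match(item.strip())
            if not match:
                continue
            version = parse_version(match.group(1))
            if len(version) == 3:
                branch = version[:2]
                floors[branch] = max(floors.get(branch, version), version)
            else:
                unresolved.add(match.group(1))
    return floors, sorted(unresolved)


def assess(installed, floors):
    """Classify an installed release against the floor for its branch."""
    version = parse_version(installed)
    if len(version) != 3:
        raise ValueError("expected a full release such as 7.0.40")
    floor = floors.get(version[:2])
    if floor is None:
        return "no-floor"  # the report names no full release for this branch
    return "meets-floor" if version >= floor else "below-floor"


if __name__ == "__main__":
    floors, unresolved = tomcat_floors(VENDOR_REFS)
    for branch, floor in sorted(floors.items()):
        print("branch %d.%d: at least %d.%d.%d" % (branch + floor))
    print("branch-only references to look up:", ", ".join(unresolved))
```

The result is only a lower bound for each branch; rows that name a branch without a release still have to be checked against http://tomcat.apache.org/security.html.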

