Posted to commits@tomee.apache.org by "Martin Wiesner (Jira)" <ji...@apache.org> on 2020/11/27 13:23:00 UTC
[jira] [Resolved] (TOMEE-2789) TomEE plus(7.0.7) is affected by
CVE-2020-1938(BDSA-2020-0339) vulnerability.
[ https://issues.apache.org/jira/browse/TOMEE-2789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Wiesner resolved TOMEE-2789.
-----------------------------------
Resolution: Fixed
The issue has been addressed with the release of TomEE 7.0.8. Please update accordingly.
> TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.
> ------------------------------------------------------------------------------
>
> Key: TOMEE-2789
> URL: https://issues.apache.org/jira/browse/TOMEE-2789
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 7.0.7
> Reporter: Jayaprakash
> Priority: Critical
> Fix For: 7.0.8
>
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version which is affected by vulnerability CVE-2020-1938(BDSA-2020-0339) with CVSS score of *9.8* which causes {{Information Disclosure and Potential Remote Code Execution via Apache JServ Protocol (AJP) Connector}}
> Apache Tomcat(8.5.51) addresses this vulnerability. Is there any scheduled release of TomEE plus(7.0.7) with this component?
> If not planned, can you please upgrade TomEE plus(7.0.7) with Apache Tomcat(8.5.51) version or later which addresses this vulnerability.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)