You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Brendan P Keenan <bk...@csc.com> on 2011/10/07 18:08:26 UTC
Adding Revisions
I apologise if this has been answered somewhere else but I just haven't
been able to find it...
Server is running Windows 2003 R2 SP2
Tomcat 6.0.33
I need to mitigate CVE-2011-3190. It appears revision 1162959 fixes it.
I cannot find how to apply 1162959. Hopefully someone can tell me the steps
or point me to documentation
Thanks
Brendan P Keenan
Mainframe Automation
CSC
Home Office - Columbia, CT USA
GOS | Global Enterprise Service Mgmt | 1.860.416.0251 | bkeenan@csc.com |
www.csc.com
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Adding Revisions
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Brendan P Keenan [mailto:bkeenan@csc.com]
> Subject: Adding Revisions
> I cannot find how to apply 1162959. Hopefully someone
> can tell me the steps or point me to documentation
Have you read this?
http://tomcat.apache.org/tomcat-6.0-doc/building.html
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Adding Revisions
Posted by Mark Eggers <it...@yahoo.com>.
----- Original Message -----
> From: Brendan P Keenan <bk...@csc.com>
> To: users@tomcat.apache.org
> Cc:
> Sent: Friday, October 7, 2011 9:08 AM
> Subject: Adding Revisions
>
>
> I apologise if this has been answered somewhere else but I just haven't
> been able to find it...
>
> Server is running Windows 2003 R2 SP2
> Tomcat 6.0.33
>
> I need to mitigate CVE-2011-3190. It appears revision 1162959 fixes it.
>
> I cannot find how to apply 1162959. Hopefully someone can tell me the steps
> or point me to documentation
> Thanks
>
>
>
> Brendan P Keenan
> Mainframe Automation
> CSC
>
Could you use one of the two mitigation recommendations?
The announcement:
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)
If you're using mod_jk, then the following two links gives you detailed configuration information.
http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
http://tomcat.apache.org/connectors-doc/reference/workers.html
If you're using mod_proxy_ajp or mod_jk earlier than 1.2.12 (upgrade), then you can change the AJP connector protocol to org.apache.jk.server.JkCoyoteHandler as per the announcement.
. . . . just my two cents.
/mde/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org