Posted to users@tomcat.apache.org by "Venkata Reddy (Trianz)" <Ve...@trianz.com> on 2018/04/04 10:05:37 UTC
Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Hi Team,
Could you please help me on whether tomcat6.0.53 version is also impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
This information is very critical for us.
Unfortunately we are still on the process of migrating our current tomcat6.0.x version usage to tomcat8.5.x.
Thanks in advance.
RE: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Posted by "Venkata Reddy (Trianz)" <Ve...@trianz.com>.
Both the vulnerabilities are not impacted on tomcat6.0.x.
Thanks a lot Mark and Rémy for providing the quick information.
-----Original Message-----
From: Rémy Maucherat [mailto:remm@apache.org]
Sent: 04 April 2018 17:32
To: Tomcat Users List
Subject: Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
On Wed, Apr 4, 2018 at 1:02 PM, Mark Thomas <ma...@apache.org> wrote:
> On 04/04/18 11:54, Rémy Maucherat wrote:
> > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) <
> > Venkata.Reddy@trianz.com> wrote:
> >
> >> Hi Team,
> >>
> >> Could you please help me on whether tomcat6.0.53 version is also
> impacted
> >> with these vulnerabilities (CVE-2018-1304,
> >
> >
> > Yes.
>
> I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7).
> Did we back-port it?
>
Ok, I think you are right as the text on the "special" - it doesn't look so special to me, as it's an exact path - "" path seems to be added in Servlet 3.0. It's a situation where I don't really know what it does in Tomcat 6.0.
On the other one, I know for sure there's no ServletSecurity annotation :)
Rémy
>
> Mark
>
>
> >
> >
> >> CVE-2018-1305)?
> >>
> >
> > No.
> >
> > Rémy
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Posted by Rémy Maucherat <re...@apache.org>.
On Wed, Apr 4, 2018 at 1:02 PM, Mark Thomas <ma...@apache.org> wrote:
> On 04/04/18 11:54, Rémy Maucherat wrote:
> > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) <
> > Venkata.Reddy@trianz.com> wrote:
> >
> >> Hi Team,
> >>
> >> Could you please help me on whether tomcat6.0.53 version is also
> impacted
> >> with these vulnerabilities (CVE-2018-1304,
> >
> >
> > Yes.
>
> I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7).
> Did we back-port it?
>
Ok, I think you are right as the text on the "special" - it doesn't look so
special to me, as it's an exact path - "" path seems to be added in Servlet
3.0. It's a situation where I don't really know what it does in Tomcat 6.0.
On the other one, I know for sure there's no ServletSecurity annotation :)
Rémy
>
> Mark
>
>
> >
> >
> >> CVE-2018-1305)?
> >>
> >
> > No.
> >
> > Rémy
> >
>
>
Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Posted by Mark Thomas <ma...@apache.org>.
On 04/04/18 11:54, Rémy Maucherat wrote:
> On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) <
> Venkata.Reddy@trianz.com> wrote:
>
>> Hi Team,
>>
>> Could you please help me on whether tomcat6.0.53 version is also impacted
>> with these vulnerabilities (CVE-2018-1304,
>
>
> Yes.
I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7).
Did we back-port it?
Mark
>
>
>> CVE-2018-1305)?
>>
>
> No.
>
> Rémy
>
Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Posted by Rémy Maucherat <re...@apache.org>.
On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) <
Venkata.Reddy@trianz.com> wrote:
> Hi Team,
>
> Could you please help me on whether tomcat6.0.53 version is also impacted
> with these vulnerabilities (CVE-2018-1304,
Yes.
> CVE-2018-1305)?
>
No.
Rémy