Re: Reg CVE-2017-5664

2017-06-23 Thread Durga Srinivasu Karuturi
Thanks mark. Checked Error Servlet, handled doGet() and doPost() only. doPost() internally calling doGet(). Yes for PUT/DELTE we are getting 405. Thanks, Durga Srinivasu On Fri, Jun 23, 2017 at 4:38 AM, Mark Thomas wrote: > On 22/06/17 16:46, Durga Srinivasu Karuturi wrote:

Re: Reg CVE-2017-5664

2017-06-22 Thread Mark Thomas
On 22/06/17 16:46, Durga Srinivasu Karuturi wrote: > Hi, > > We are using tomcat 8.5.14. > > As this CVE-2017-5664 > is applicable > for current tomcat version, we are trying to evaluate whethere this CVE is > applicable to our web

Re: Reg CVE-2017-5664

2017-06-22 Thread Durga Srinivasu Karuturi
No, we are using RHEL with embed tomcat running inside java. Thanks, Durga Srinivasu On Thu, Jun 22, 2017 at 10:03 PM, Emmanuel Bourg wrote: > Le 22/06/2017 à 17:46, Durga Srinivasu Karuturi a écrit : > > > We are using tomcat 8.5.14. > > From Debian 9? If so this has been

Re: Reg CVE-2017-5664

2017-06-22 Thread Emmanuel Bourg
Le 22/06/2017 à 17:46, Durga Srinivasu Karuturi a écrit : > We are using tomcat 8.5.14. >From Debian 9? If so this has been patched today: https://www.debian.org/security/2017/dsa-3891 Emmanuel Bourg - To unsubscribe,

Reg CVE-2017-5664

2017-06-22 Thread Durga Srinivasu Karuturi
Hi, We are using tomcat 8.5.14. As this CVE-2017-5664 is applicable for current tomcat version, we are trying to evaluate whethere this CVE is applicable to our web application or not. We have couple of JSP error pages. Tested those