We need to look into this - let's talk about it. Here is our versions of applications on login
Server version: Apache Tomcat/5.5.25 Server built: Aug 24 2007 05:33:50 Server number: 5.5.25.0 OS Name: Linux OS Version: 2.6.18-194.11.1.el5 Architecture: amd64 JVM Version: 1.6.0_06-b02 JVM Vendor: Sun Microsystems Inc. James Bodine Manager, Web Services & Middleware Fort Lewis College - Information Technology 970-247-7304 [email protected] -----Original Message----- From: Andrew Petro [mailto:[email protected]] Sent: Thursday, February 17, 2011 10:03 AM To: [email protected] Subject: [cas-user] Critical Security Vulnerability Notification CVE-2010-4476 CAS Adopters, Be advised that most CAS deployments are vulnerable to the widely publicized not-a-defect-in-CAS-itself JVM defect CVE-2010-4476. You should take immediate action to mitigate this vulnerability in your production environments. Notification posted to website: http://www.jasig.org/cas/news/cve-2010-4476 (This is the same issue as described in the recent "Important! Critical bug in all Java versions" thread. Posting as a new thread to draw attention to the issue and to the Jasig CAS product response.) Thanks are due to Robert Oschwald who raised that thread, to Marvin Addison for testing, and to the CAS Steering Committee for coordinating composing and posting a CAS-as-product response to this issue. Feedback welcome on the website news entry, which doubtless can be improved, but I hope it will help to get the word out to encourage mitigation of this serious issue. Best wishes, Andrew Andrew Petro Jasig CAS Steering Committee Software Developer, Unicon, Inc. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
