This reminds me of CVE-2011-3192. It's also a denial of service exploit existing in Apache HTTP 2.2.x to 2.2.19; our Apache on system VM is 2.2.16 if my system VM template is the latest one.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
http://www.securityfocus.com/bid/49303

These two are probably not very critical, but if possible, it's valuable to add a regular security scan job.

Regards
Mice

-----Original Message-----
From: Gavin Lee [mailto:gavin....@gmail.com]
Sent: Wednesday, December 05, 2012 10:20 PM
To: cloudstack
Subject: Impact of tomcat CVE-2012-4534

This vulnerability possibly causes denial of service. See the link below:
http://mail-archives.apache.org/mod_mbox/www-announce/201212.mbox/%3c50be535a.9000...@apache.org%3E

It was fixed in Tomcat 6.0.36, but we recommend using 6.0.33.
Should we test a higher version and change the guide?

--
Gavin