[
https://issues.apache.org/jira/browse/TOMEE-2909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hariprasad tammineni updated TOMEE-2909:
----------------------------------------
Description:
TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if
TomEE plus (7.0.7) is impacted by
[CVE-2020-9484|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484] or
[BDSA-2020-1193|https://blackduck.opentext.net/api/vulnerabilities/BDSA-2020-1193/overview]?
*Solution* - Fix Available
Fixed in [10.0.0.M5|https://github.com/apache/tomcat/releases/tag/10.0.0-M5]
by
[this|https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b]
commit.
The latest stable releases can be found
[here|https://github.com/apache/tomcat/releases].
If impacted, can you please upgrade TOMEE plus (7.0.7) with fixed versions of
Tomcat?
was:
TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if
TomEE plus (7.0.7) is impacted by
[CVE-2020-9484|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484]?
Apache Tomcat (8.5.51) addresses this vulnerability. Is there any scheduled
release of TomEE plus (7.0.7) with this component?
If impacted, can you please upgrade TOMEE plus (7.0.7) with fixed versions of
Tomcat?
> Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)
> ---------------------------------------------------------------------
>
> Key: TOMEE-2909
> URL: https://issues.apache.org/jira/browse/TOMEE-2909
> Project: TomEE
> Issue Type: Bug
> Reporter: Hariprasad tammineni
> Priority: Major
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version. Can you confirm if
> TomEE plus (7.0.7) is impacted by
> [CVE-2020-9484|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484]
> or
> [BDSA-2020-1193|https://blackduck.opentext.net/api/vulnerabilities/BDSA-2020-1193/overview]?
> *Solution* - Fix Available
> Fixed in [10.0.0.M5|https://github.com/apache/tomcat/releases/tag/10.0.0-M5]
> by
> [this|https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b]
> commit.
> The latest stable releases can be found
> [here|https://github.com/apache/tomcat/releases].
> If impacted, can you please upgrade TOMEE plus (7.0.7) with fixed versions of
> Tomcat?