[
https://issues.apache.org/jira/browse/TOMEE-2789?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Wiesner resolved TOMEE-2789.
-----------------------------------
Resolution: Fixed
The issue has been addressed with the release of TomEE 7.0.8. Please update
accordingly.
> TomEE plus(7.0.7) is affected by CVE-2020-1938(BDSA-2020-0339) vulnerability.
> ------------------------------------------------------------------------------
>
> Key: TOMEE-2789
> URL: https://issues.apache.org/jira/browse/TOMEE-2789
> Project: TomEE
> Issue Type: Bug
> Affects Versions: 7.0.7
> Reporter: Jayaprakash
> Priority: Critical
> Fix For: 7.0.8
>
>
> TomEE plus (7.0.7) is using Apache Tomcat 8.5.50 version which is affected by
> vulnerability CVE-2020-1938(BDSA-2020-0339) with CVSS score of *9.8* which
> causes {{Information Disclosure and Potential Remote Code Execution via
> Apache JServ Protocol (AJP) Connector}}
> Apache Tomcat(8.5.51) addresses this vulnerability. Is there any scheduled
> release of TomEE plus(7.0.7) with this component?
> If not planned, can you please upgrade TomEE plus(7.0.7) with Apache
> Tomcat(8.5.51) version or later which addresses this vulnerability.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)