RE: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat
Right! :-)

Thanks.
Gaurav

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Friday, September 11, 2009 2:02 PM
To: Tomcat Users List
Subject: Re: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat

Tadelkar, Gauravsagar (Gaurav) wrote:
> Thanks for the reply, Mark. If possible, can you please point to any references/docs which would help me convince others about the directory traversal vulnerability not impacting a standalone tomcat? Even an explanation would help.

I would have thought the phrase When Tomcat is used behind a proxy... was pretty self explanatory.

Mark

> I personally do agree that upgrading the tomcat is surely the thing to do rather than looking for alternatives, but this is something beyond my powers in this case :-)
>
> Thanks once again.
> Gaurav
>
> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: Wednesday, September 09, 2009 1:49 PM
> To: Tomcat Users List
> Subject: Re: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat
>
> Tadelkar, Gauravsagar (Gaurav) wrote:
>> I have a tomcat at version 5.5.15 in a standalone mode and due to some compulsions cannot upgrade it. Does the directory traversal vulnerability affect tomcat in a standalone mode (the 5.5.15 ver does not have a fix to this vulnerability)?
>
> No it doesn't. However, there are plenty of other vulnerabilities (eg CVE-2008-5515) that do.
>
>> Alternately, is there a way I can secure/work around this vulnerability without upgrading?
>
> You'd have to look at each vulnerability on a case by case basis. Upgrading to 5.5.28 is likely to be less painful than any of the alternatives.
>
> Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat
I have a tomcat at version 5.5.15 in a standalone mode and due to some compulsions cannot upgrade it. Does the directory traversal vulnerability affect tomcat in a standalone mode (the 5.5.15 ver does not have a fix to this vulnerability)?

Alternately, is there a way I can secure/work around this vulnerability without upgrading?

Thanks,
Gaurav
RE: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat
Thanks for the reply, Mark. If possible, can you please point to any references/docs which would help me convince others about the directory traversal vulnerability not impacting a standalone tomcat? Even an explanation would help.

I personally do agree that upgrading the tomcat is surely the thing to do rather than looking for alternatives, but this is something beyond my powers in this case :-)

Thanks once again.
Gaurav

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, September 09, 2009 1:49 PM
To: Tomcat Users List
Subject: Re: Does CVE-2007-0450 (Directory Traversal) affect standalone Tomcat

Tadelkar, Gauravsagar (Gaurav) wrote:
> I have a tomcat at version 5.5.15 in a standalone mode and due to some compulsions cannot upgrade it. Does the directory traversal vulnerability affect tomcat in a standalone mode (the 5.5.15 ver does not have a fix to this vulnerability)?

No it doesn't. However, there are plenty of other vulnerabilities (eg CVE-2008-5515) that do.

> Alternately, is there a way I can secure/work around this vulnerability without upgrading?

You'd have to look at each vulnerability on a case by case basis. Upgrading to 5.5.28 is likely to be less painful than any of the alternatives.

Mark