Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Mark Thomas
On 01/10/2019 18:27, Martin Cocaro wrote:
> yes, upgrading to 8.5 is work in progress, but would want to have a
> conclusive test that the same scenario fails in 8.0.X. What is the best way
> to distribute the POC code and what is required from our end to get access
> to it?
Martin, There is no

Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Martin Cocaro
yes, upgrading to 8.5 is work in progress, but would want to have a conclusive test that the same scenario fails in 8.0.X. What is the best way to distribute the POC code and what is required from our end to get access to it?
On Tue, Oct 1, 2019 at 1:54 PM Christopher Schultz <

Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Christopher Schultz
Martin,
On 10/1/19 12:15, Martin Cocaro wrote:
> Thank you Chris for the answer. The EOL date and its policy made
> me wonder if the CVE was tested against that version.
>
> Is there any place I can get a POC version of the CVE test case so
>

Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Martin Cocaro
Thank you Chris for the answer. The EOL date and its policy made me wonder if the CVE was tested against that version. Is there any place I can get a POC version of the CVE test case so that I can do the test myself against version 8.0.53?
On Tue, Oct 1, 2019 at 12:43 PM Christopher Schultz <

Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Martin Cocaro
Thank you for the confirmation! Much appreciated.
On Tue, Oct 1, 2019 at 12:46 PM Mark Thomas wrote:
> > Martin,
> >
> > On 10/1/19 10:35, Martin Cocaro wrote:
> >> Apache Tomcat Users Team,
> >
> >> The purpose of this email is to request information regarding
> >> Apache Tomcat CVE-2018-8037

Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Mark Thomas
> Martin,
>
> On 10/1/19 10:35, Martin Cocaro wrote:
>> Apache Tomcat Users Team,
>
>> The purpose of this email is to request information regarding
>> Apache Tomcat CVE-2018-8037
>> possibly affecting
>> version 8.0.X (particularly 8.0.53). The

Re: Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Christopher Schultz
Martin,
On 10/1/19 10:35, Martin Cocaro wrote:
> Apache Tomcat Users Team,
>
> The purpose of this email is to request information regarding
> Apache Tomcat CVE-2018-8037
> possibly affecting
>

Additional Information on Apache Tomcat CVE-2018-8037

2019-10-01 Thread Martin Cocaro
Apache Tomcat Users Team,
The purpose of this email is to request information regarding Apache Tomcat CVE-2018-8037 possibly affecting version 8.0.X (particularly 8.0.53). The CVE was made public on 22-July-2018, after being privately disclosed on