Re: [SECURITY] CVE-2023-34981 Apache Tomcat - Information disclosure

Hello, I presume this only affects setups using AJP connectors - right? Thanks George On Wed, 21 Jun 2023 at 13:21, Mark Thomas wrote: > CVE-2023-34981 Apache Tomcat - Information disclosure > > Severity: Important > > Vendor: The Apache Software Foundation > > Versions Affected: > Apache To

Tomcat 8.5.x configuration file differences: permission denied

I am getting permission denied when trying to view configuration file changes between 8.5.x versions ( https://tomcat.apache.org/migration-85.html#Upgrading_8.5.x) https://gitbox.apache.org/repos/asf?p=tomcat.git&a=blobdiff&f=conf%2Fcatalina.policy&hpb=8.5.37&hb=8.5.39 Cheers, George

CVE-2019-0199 Apache Tomcat HTTP/2 DoS

Hello, Is an upgrade required for those who are not using the HTTP/2 protocol? Many thanks George Angeletos