Re: Help on upgrade tomcat bundled with JBoss for resolving tomcat security issue -[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

2010-10-30 Thread Pid
On 26/10/2010 03:42, ww...@ogcio.gov.hk wrote:
 
> Dear Sir/Madam,
>
> Recently it has been checked that there is a security vulnerability in
> the tomcat (version 5.0.9) shipped with the JBoss 4.0.3SP1.
>
> From the link below, it is recommended to upgrade to 5.5.28.
>
> http://marc.info/?l=tomcat-user&m=124449799021571&w=2
>
> We have tried to upgrade some of the tomcat libraries to version 5.5.31 by
> following the steps we found on the web at
> http://itapproaches.blogspot.com/2010/08/upgrading-tomcat-in-jboss-405.html
>
> Yet we have encountered the exception (as attached for your reference).
>
> Should we upgrade the tomcat only, without upgrading the JBoss AS?

This question is probably better addressed to JBoss support.


p





Help on upgrade tomcat bundled with JBoss for resolving tomcat security issue -[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

2010-10-25 Thread wwtfu
Dear Sir/Madam, 

Recently it has been checked that there is a security vulnerability in the
tomcat (version 5.0.9) shipped with the JBoss 4.0.3SP1.

From the link below, it is recommended to upgrade to 5.5.28.

http://marc.info/?l=tomcat-user&m=124449799021571&w=2

We have tried to upgrade some of the tomcat libraries to version 5.5.31 by
following the steps we found on the web at
http://itapproaches.blogspot.com/2010/08/upgrading-tomcat-in-jboss-405.html


Yet we have encountered the exception (as attached for your reference). 

Should we upgrade the tomcat only, without upgrading the JBoss AS? 

We would much appreciate it if you could advise us how we could resolve
the situation, so as to address the security vulnerability, at your
earliest convenience.

Thanks for your effort in advance. 

Again, here is our configuration:
JBoss 4.0.3SP1
Tomcat 5.5.9

Many thanks!
Wilson Fu

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: org.jboss.web.tomcat.tc5.jasper.JspServletOptions.isCaching()Z
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)

root cause

java.lang.AbstractMethodError: org.jboss.web.tomcat.tc5.jasper.JspServletOptions.isCaching()Z
org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:425)
org.apache.jasper.compiler.Parser.parseDirective(Parser.java:499)
org.apache.jasper.compiler.Parser.parseElements(Parser.java:1558)
org.apache.jasper.compiler.Parser.parse(Parser.java:130)
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:245)
org.apache.jasper.compiler.ParserController.parse(ParserController.java:101)
org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:176)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:317)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:298)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:565)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:309)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:308)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:259)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
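
A triage helper for the `AbstractMethodError` in the trace above, as an added example that is not part of the original post or of Tomcat/JBoss: it decodes the JVM method descriptor (`()Z` is a no-argument method returning `boolean`) and reports which class lacks the method and which class called it. The trace lines are copied from the post with the message joined onto one line; the function names are hypothetical.

```python
import re

# Root-cause lines copied from the post above (first frames only).
TRACE = """java.lang.AbstractMethodError: org.jboss.web.tomcat.tc5.jasper.JspServletOptions.isCaching()Z
org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:425)
org.apache.jasper.compiler.Parser.parseDirective(Parser.java:499)
"""

PRIMS = {"Z": "boolean", "B": "byte", "C": "char", "S": "short", "I": "int",
         "J": "long", "F": "float", "D": "double", "V": "void"}

def decode_type(desc, i=0):
    """Decode one JVM type starting at desc[i]; return (java_type, next_index)."""
    dims = 0
    while desc[i] == "[":                      # each '[' is one array dimension
        dims += 1
        i += 1
    if desc[i] == "L":                         # object type: Lpkg/Name;
        end = desc.index(";", i)
        name, i = desc[i + 1:end].replace("/", "."), end + 1
    else:                                      # single-letter primitive or void
        name, i = PRIMS[desc[i]], i + 1
    return name + "[]" * dims, i

def decode_method(desc):
    """Turn a method descriptor such as '()Z' into (param_types, return_type)."""
    params, i = [], 1                          # skip the opening '('
    while desc[i] != ")":
        t, i = decode_type(desc, i)
        params.append(t)
    ret, _ = decode_type(desc, i + 1)
    return params, ret

def triage(trace):
    """Name the unimplemented method and the class whose frame invoked it."""
    lines = [l.strip() for l in trace.splitlines() if l.strip()]
    m = re.match(r"java\.lang\.AbstractMethodError:\s*([\w.$]+)\.(\w+)(\(.*\).+)$",
                 lines[0]) if lines else None
    if not m:
        return None                            # not an AbstractMethodError trace
    cls, method, desc = m.groups()
    params, ret = decode_method(desc)
    fm = re.match(r"(?:at\s+)?([\w.$]+)\.[\w$<>]+\(", lines[1]) if len(lines) > 1 else None
    return {"class": cls, "signature": f"{ret} {method}({', '.join(params)})",
            "caller": fm.group(1) if fm else None}

if __name__ == "__main__":
    print(triage(TRACE))
```

Here the caller is in `org.apache.jasper` (the replaced Tomcat jars) and the class missing the method is in `org.jboss.web.tomcat` (JBoss's own integration code), the usual sign that a library was swapped underneath code compiled against an older version of it.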

Re: Help on upgrade tomcat bundled with JBoss for resolving tomcat security issue -[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

2010-10-25 Thread wwtfu
Yes.

Thanks & regards,
Wilson Fu
Tel: 3182 6675





ww...@ogcio.gov.hk
26.10.2010 10:42
Please respond to: Tomcat Users List users@tomcat.apache.org
To: users@tomcat.apache.org
cc:
Subject: Help on upgrade tomcat bundled with JBoss for resolving tomcat security issue -[SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability

Dear Sir/Madam, 

Recently it has been checked that there is a security vulnerability in the
tomcat (version 5.0.9) shipped with the JBoss 4.0.3SP1.

From the link below, it is recommended to upgrade to 5.5.28.

http://marc.info/?l=tomcat-user&m=124449799021571&w=2

We have tried to upgrade some of the tomcat libraries to version 5.5.31 by
following the steps we found on the web at
http://itapproaches.blogspot.com/2010/08/upgrading-tomcat-in-jboss-405.html


Yet we have encountered the exception (as attached for your reference). 

Should we upgrade the tomcat only, without upgrading the JBoss AS? 

We would much appreciate it if you could advise us how we could resolve
the situation, so as to address the security vulnerability, at your
earliest convenience.

Thanks for your effort in advance. 

Again, here is our configuration: 
JBoss 4.0.3SP1 
Tomcat 5.5.9

Many thanks!
Wilson Fu [attachment error.txt deleted by Wilson WT FU/OGCIO/HKSARG] 