RE: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Both the vulnerabilities are not impacted on tomcat6.0.x. Thanks a lot Mark and Rémy for providing the quick information. -Original Message- From: Rémy Maucherat [mailto:r...@apache.org] Sent: 04 April 2018 17:32 To: Tomcat Users List Subject: Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)? On Wed, Apr 4, 2018 at 1:02 PM, Mark Thomas wrote: > On 04/04/18 11:54, Rémy Maucherat wrote: > > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) < > > venkata.re...@trianz.com> wrote: > > > >> Hi Team, > >> > >> Could you please help me on whether tomcat6.0.53 version is also > impacted > >> with these vulnerabilities (CVE-2018-1304, > > > > > > Yes. > > I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7). > Did we back-port it? > Ok, I think you are right as the text on the "special" - it doesn't look so spacial to me, as it's an exact path - "" path seems to be added in Servlet 3.0. It's a situation where I don't really know what it does in Tomcat 6.0. On the other one, I know for sure there's no ServletSecurity annotation :) Rémy > > Mark > > > > > > > >> CVE-2018-1305)? > >> > > > > No. > > > > Rémy > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > **This mail has been sent from an external source** - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
On Wed, Apr 4, 2018 at 1:02 PM, Mark Thomas wrote: > On 04/04/18 11:54, Rémy Maucherat wrote: > > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) < > > venkata.re...@trianz.com> wrote: > > > >> Hi Team, > >> > >> Could you please help me on whether tomcat6.0.53 version is also > impacted > >> with these vulnerabilities (CVE-2018-1304, > > > > > > Yes. > > I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7). > Did we back-port it? > Ok, I think you are right as the text on the "special" - it doesn't look so spacial to me, as it's an exact path - "" path seems to be added in Servlet 3.0. It's a situation where I don't really know what it does in Tomcat 6.0. On the other one, I know for sure there's no ServletSecurity annotation :) Rémy > > Mark > > > > > > > >> CVE-2018-1305)? > >> > > > > No. > > > > Rémy > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
On 04/04/18 11:54, Rémy Maucherat wrote: > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) < > venkata.re...@trianz.com> wrote: > >> Hi Team, >> >> Could you please help me on whether tomcat6.0.53 version is also impacted >> with these vulnerabilities (CVE-2018-1304, > > > Yes. I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7). Did we back-port it? Mark > > >> CVE-2018-1305)? >> > > No. > > Rémy > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) < venkata.re...@trianz.com> wrote: > Hi Team, > > Could you please help me on whether tomcat6.0.53 version is also impacted > with these vulnerabilities (CVE-2018-1304, Yes. > CVE-2018-1305)? > No. Rémy
Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)?
Hi Team, Could you please help me on whether tomcat6.0.53 version is also impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)? This information is very critical for us. Unfortunately we are still on the process of migrating our current tomcat6.0.x version usage to tomcat8.5.x. Thanks in advance.