This is exactly what I was looking for. The vulnerability was addressed in v9.0.31 of the package. Nessus must look at the apache tomcat version and not take into consideration
Thanks for your very helpful info. Much appreciated. Thank you, Brad Turnbough Senior Technology Analyst P: 309.272.2739 F: 309.272.2839 www.betterbanks.com www.glasfordbank.com NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). If you are not the intended recipient, nor the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply e-mail and then delete this message, including any attachments. www.statestreetbank.com-----Original Message----- From: Robie Basak <robie.ba...@ubuntu.com> Sent: Tuesday, November 15, 2022 10:00 AM To: Brad Turnbough <bturnbo...@backlundinvestment.com> Cc: ubuntu-devel-discuss@lists.ubuntu.com Subject: Re: Tomcat9 - Ubuntu 20.04 x64 Hi, On Mon, Nov 14, 2022 at 04:00:22PM +0000, Brad Turnbough wrote: > Ran a nessus scan against the box and am being told that verion 9.0.31 is > vulnerable to a DoS attack and that I need to upgrade to >=9.0.36. Problem > is, that version isn't available in the Ubuntu repos. > > Can someone look into getting this package updated in order to resolve this > vulnerability? Please see: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions If after understanding that you still think the package is vulnerable, you need to identify a specific CVE. Once you have that, you can search for the status of a specific CVE at https://ubuntu.com/security/cves. Hope that helps, Robie -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
