to be extra clear: Does anyone know whether this vulnerability also affects an Apache Cloudstack (especially 4.19 and newer) installation? No, it is not subject to that CVE!
On Mon, Apr 7, 2025 at 10:09 AM Daan Hoogland <daan.hoogl...@gmail.com> wrote: > > Werner, > > ACS has not been using tomcat for a number of releases now. It uses > Jetty. You would have to have a procedure in place to alter the > container server if you do. > > On Fri, Apr 4, 2025 at 10:21 AM W. Verleger - proIO GmbH > <w.verle...@proio.com> wrote: > > > > Hi there, > > > > Does anyone know whether this vulnerability also affects an Apache > > Cloudstack (especially 4.19 and newer) installation? > > If so, are there any updates in cloudstack-management package yet? > > > > Apache Tomcat: > > https://nvd.nist.gov/vuln/detail/CVE-2025-24813 > > > > Thanks! > > > > > > - proIO GmbH - > > Geschäftsführer: Swen Brüseke > > Sitz der Gesellschaft: Frankfurt am Main > > > > USt-IdNr. DE 267 075 918 > > Registergericht: Frankfurt am Main - HRB 86239 > > > > Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte > > Informationen. > > Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich > > erhalten haben, > > informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. > > Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind > > nicht gestattet. > > > > This e-mail may contain confidential and/or privileged information. > > If you are not the intended recipient (or have received this e-mail in > > error) please notify > > the sender immediately and destroy this e-mail. > > Any unauthorized copying, disclosure or distribution of the material in > > this e-mail is strictly forbidden. > > > > > -- > Daan -- Daan
