On 02/05/13 09:32, André Warnier wrote:
M Eashwar wrote:
Hi,
Anyone attacked with reference to below URL?
http://efytimes.com/e1/fullnews.asp?edid=105167&ntype=mor&edate=4/29/2013
Never heard of "EFYtimes" before, but considering what I have been
reading lately about bots, I would advise a modicum of caution before
following this link.
(And also maybe a modicum of healthy scepticism about that news article
itself).
This vulnerability applies only to apache httpd and is not relevant to
tomcat.
ALSO, it only applies to apache httpd when installed via a third-party
automated management system that is reported to not verify the digital
signature of the binary... which would be very negligent.
You should always verify apache packages against the published
signatures. Although linux distribution rpm and deb packages are
automatically verified during installation, we strongly recommend
installing packages directly from the official apache distribution
servers and then verifying the signature yourself - prior to installation!
Regards,
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org