Both the vulnerabilities are not impacted on tomcat6.0.x. Thanks a lot Mark and Rémy for providing the quick information.
-----Original Message----- From: Rémy Maucherat [mailto:r...@apache.org] Sent: 04 April 2018 17:32 To: Tomcat Users List Subject: Re: Is tomcat6.0 impacted with these vulnerabilities (CVE-2018-1304, CVE-2018-1305)? On Wed, Apr 4, 2018 at 1:02 PM, Mark Thomas <ma...@apache.org> wrote: > On 04/04/18 11:54, Rémy Maucherat wrote: > > On Wed, Apr 4, 2018 at 12:05 PM, Venkata Reddy (Trianz) < > > venkata.re...@trianz.com> wrote: > > > >> Hi Team, > >> > >> Could you please help me on whether tomcat6.0.53 version is also > impacted > >> with these vulnerabilities (CVE-2018-1304, > > > > > > Yes. > > I thought root context mapping was introduced in Servlet 3.0 (Tomcat 7). > Did we back-port it? > Ok, I think you are right as the text on the "special" - it doesn't look so spacial to me, as it's an exact path - "" path seems to be added in Servlet 3.0. It's a situation where I don't really know what it does in Tomcat 6.0. On the other one, I know for sure there's no ServletSecurity annotation :) Rémy > > Mark > > > > > > > >> CVE-2018-1305)? > >> > > > > No. > > > > Rémy > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > **This mail has been sent from an external source** --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
