-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Yoli,
On 10/29/18 08:18, Mark Thomas wrote: > On 29/10/18 11:29, Yoli Mana wrote: >> Hi All, >> >> Looking at the description of the below vulnerability. It is not >> clear to me if this is only relevant to those who use Tomcat for >> serving static files (since they are talking about directory >> redirection). If our Tomcat instance is used only to serve >> dynamic content, is the vulnerability is relevant to us? > > If your application does not make use of Tomcat's default servlet > then you will not be affected by this vulnerability. You would need > to check the servlet mappings for the application to determine if > Tomcat's default servlet would be used to respond to any requests. ... and it almost certainly would be used for that purpose at some point. You should expect that your server is indeed vulnerable and you should upgrade. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvXDLMACgkQHPApP6U8 pFjAgA/+L7hTuE5PLDS0fvntgrqe830DR4+J+I2avfRG5qF+SYGS6Hl436jlOnde V+cwOzs5fapvbj4XpNsKtP5yUMV/MhVOFsgHUpn6qIvRHJEr0SW38VdAOX9yySFL WEgYU3n3toIgAuXw02vuvxR+c6A3GxYeeXy3pEK9w4HVZYBDgoeXS0QnM0DMfJtN V50t9ZdrQtqKLRd9NrQX4s6TWPDvdAggrLSdsBRPYYf7vF4wOyjH7c5qiO2+XsvJ gAq/0WXiQ7lSyRATtTs/zqy/lXuiIu2JKddx9uenYTk4AgWk2uLGrMdjKg0W38RY Loq1twuqF9Gmn9pOPoU0Q+UvPxim9RKoZ8RpSmLAfIH2vLChl0ET9+OlsquWyTQt 4AuphfE2W2+lO2N7rCDllytwxLcpuM1U+8ayld2KaDkkUcSI0NW2jV+h1x9ED9G5 MwsL2o/2H9+DuIGW7sZNpijRTUClWVdatAGUOt8BkMFDFKImhrlJQP1wZdBWcZaZ v/dcFP089bEDOBxPprk+m2qyuwqRIJqzwuHLP4uPMPLnZD/G5RP4UGkUrVweVa8s b1HXTkIY+c18nO0D/B+Pbe8F5V+AN8au2FV25sXd7uFa+OqnBIVUTYfVxkdoorLm P4e99q2duTyW/ifm+PVEGMDAnOhVp726J7gZNSpWClbxnTX76rQ= =hz4z -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
