----- Original Message -----
> From: Brendan P Keenan <bkee...@csc.com>
> To: users@tomcat.apache.org
> Cc:
> Sent: Friday, October 7, 2011 9:08 AM
> Subject: Adding Revisions
>
> I apologise if this has been answered somewhere else but I just haven't
> been able to find it...
>
> Server is running Windows 2003 R2 SP2
> Tomcat 6.0.33
>
> I need to mitigate CVE-2011-3190. It appears revision 1162959 fixes it.
>
> I cannot find how to apply 1162959. Hopefully someone can tell me the steps
> or point me to documentation
> Thanks
>
> Brendan P Keenan
> Mainframe Automation
> CSC
>

Could you use one of the two mitigation recommendations?

The announcement:

http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)

If you're using mod_jk, then the following two links give you detailed
configuration information.

http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
http://tomcat.apache.org/connectors-doc/reference/workers.html

If you're using mod_proxy_ajp or mod_jk earlier than 1.2.12 (upgrade), then
you can change the AJP connector protocol to
org.apache.jk.server.JkCoyoteHandler as per the announcement.

. . . . just my two cents.

/mde/
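
An added example, not part of the original thread and not Tomcat project code: a small Python check that lists the AJP connectors in a `server.xml` and reports whether either mitigation is in place. It assumes the two mitigations are a shared secret (the `requiredSecret` connector attribute, matched by `worker.<name>.secret` in mod_jk) and the `org.apache.jk.server.JkCoyoteHandler` connector named in the reply; the sample XML, ports and secret are constructed.

```python
import xml.etree.ElementTree as ET

JK_HANDLER = "org.apache.jk.server.JkCoyoteHandler"  # class named in the reply

# Constructed sample server.xml (not from the thread); ports and secret are placeholders.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" />
    <Connector port="8010" protocol="AJP/1.3" requiredSecret="CHANGE-ME" />
    <Connector port="8011" protocol="org.apache.jk.server.JkCoyoteHandler" />
    <Connector port="8012" protocol="org.apache.coyote.ajp.AjpProtocol" requiredSecret="" />
  </Service>
</Server>"""


def is_ajp(protocol):
    """True for AJP/1.3, the org.apache.coyote.ajp classes and the jk handler."""
    p = protocol.lower()
    return p.startswith("ajp/") or ".ajp." in p or protocol == JK_HANDLER


def audit_ajp_connectors(server_xml):
    """Return a list of (port, protocol, status) for every AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")  # no attribute means HTTP
        if not is_ajp(protocol):
            continue
        if protocol == JK_HANDLER:
            status = "mitigated: org.apache.jk connector"
        elif conn.get("requiredSecret", "").strip():
            status = "mitigated: shared secret set"
        else:
            # Assumption: anything else needs a manual look (or the upgrade).
            status = "review: no secret, not the org.apache.jk connector"
        findings.append((conn.get("port"), protocol, status))
    return findings


if __name__ == "__main__":
    for port, protocol, status in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"port {port:<5} {protocol:<40} {status}")
```

A secret set on the connector has to be matched on the proxy side, so check the worker definition as well as `server.xml`.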