On 09/03/2012 23:55, Au, Leon wrote:
> On 3/9/12 2:19 PM, "Jayant Sane" <jayant_s...@hotmail.com> wrote:
> 
>>
>>
>> Pardon the re-post but I just wanted some kind of ack from the Tomcat dev
>> team on the following.
>> Has the "Tomcat WAR deployment directory traversal..." issue as detailed
>> in http://securitytracker.com/id/1023504 been fixed in version 7.0.023?
>> As I mentioned, the Apache security team won't comment on known security
>> issues. 
> 
> According to your link, only Tomcat major version 5 and 6 were affected.
> Also, the issue was reported Jan 25, 2010.  Tomcat 7.0.23 was released Nov
> 25, 2011.  I imagine that any issue would have been patched well before
> that.
> 
> http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Tomcat 7.0.2 was released as a beta on 2010-08-11 around 7 months after
the bug was reported.

There have been no fixes to the Cluster since 7.0.22, and the previous 3
versions didn't appear to address such a bug in the cluster mods, so
this is v likely to be a false positive from a poor scan.


p

> Leon
> 
>>
>> many thanks, Jayant
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 

