-
Bug
-
Resolution: Fixed
-
Low
-
7.1.0, 7.1.1
-
7.01
-
Summary
We are currently on 8.0.17 and have already been bitten by a bug in it:
https://bz.apache.org/bugzilla/show_bug.cgi?id=57476
We should upgrade to the latest to get the latest bugfixes.
Also, there have been a number of recent CVEs involving Tomcat, most of which involve SecurityManager, which I believe we do not currently use.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763
However, these are related to other aspects of Tomcat:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351 (probably doesn't affect us)
Updating Tomcat to one of these versions would appear to patch all of the above CVEs:
- Apache Tomcat 9.0.0.M3
- Apache Tomcat 8.0.32
- Apache Tomcat 7.0.68
- Apache Tomcat 6.0.45
- causes
-
-
- Closed
-
- is related to
-
-
- Closed
-
-
GHS-41767 Loading...
- relates to
-