[JRASERVER-61885] Upgrade Tomcat to 8.0.36 or later

Type: Bug
Resolution: Fixed
Priority: Medium (View bug fix roadmap)
Fix Version/s: 7.2.6
Affects Version/s: 7.2.2, 7.1.9
Component/s: Tomcat, Upgrade
Labels:

Introduced in Version:
7.01
Support reference count:
4
UIS:
2
Bug Fix Policy:
View Atlassian Server bug fix policy

Current version of Tomcat 8.0.33 is vulernable to http://www.cvedetails.com/cve/CVE-2016-3092/

We need to upgrade the version we package with JIRA to address that vulnerability.

is duplicated by

JRASERVER-63421 CVEs: 2016-6797, 2016-6796, 2016-6794, 2016-5018 and 2016-0762.

Closed

JSB-101 You do not have permission to view this issue

Joel E. Wilson added a comment - 05/Oct/2016 2:19 PM

Is there any idea when this will be released?

Joel E. Wilson added a comment - 05/Oct/2016 2:19 PM Is there any idea when this will be released?

David Black added a comment - 05/Oct/2016 12:12 AM

tanga they don't usually match up.

David Black added a comment - 05/Oct/2016 12:12 AM tanga they don't usually match up.

Joel E. Wilson added a comment - 21/Sep/2016 4:20 PM

Just out of curiosity, what does the Due Date in your JIRA system equate to as far as release dates?

Joel E. Wilson added a comment - 21/Sep/2016 4:20 PM Just out of curiosity, what does the Due Date in your JIRA system equate to as far as release dates?

David Black added a comment - 22/Aug/2016 12:59 AM - edited

CVSS v3 score: 7.5 => High severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	None
Integrity	None
Availability	High

See http://go.atlassian.com/cvss for more details.

David Black added a comment - 22/Aug/2016 12:59 AM - edited CVSS v3 score: 7.5 => High severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity None Availability High See http://go.atlassian.com/cvss for more details.

Assignee:: Michal Orzechowski (Inactive)

Reporter:: Joel E. Wilson

Affected customers:: 4 This affects my team

Watchers:: 6 Start watching this issue

Created:: 14/Jul/2016 2:22 PM

Updated:: 09/Aug/2019 2:44 PM

Resolved:: 16/Nov/2016 8:35 PM

Jira Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Joel E. Wilson added a comment - 05/Oct/2016 2:19 PM

Expand comment: Joel E. Wilson added a comment - 05/Oct/2016 2:19 PM

Collapse comment: David Black added a comment - 05/Oct/2016 12:12 AM

Expand comment: David Black added a comment - 05/Oct/2016 12:12 AM

Collapse comment: Joel E. Wilson added a comment - 21/Sep/2016 4:20 PM

Expand comment: Joel E. Wilson added a comment - 21/Sep/2016 4:20 PM

Collapse comment: David Black added a comment - 22/Aug/2016 12:59 AM, Edited by David Black - 22/Aug/2016 12:59 AM

Expand comment: David Black added a comment - 22/Aug/2016 12:59 AM, Edited by David Black - 22/Aug/2016 12:59 AM

People

Dates