Tomcat9 - Ubuntu 20.04 x64

Brad Turnbough bturnbough at backlundinvestment.com
Tue Nov 15 16:11:09 UTC 2022


This is exactly what I was looking for. The vulnerability was addressed in v9.0.31 of the package. Nessus must look at the Apache Tomcat version and not take into consideration

Thanks for your very helpful info.  Much appreciated.




Thank you,

Brad Turnbough
Senior Technology Analyst

P: 309.272.2739 F: 309.272.2839

www.betterbanks.com
www.glasfordbank.com



www.statestreetbank.com

-----Original Message-----
From: Robie Basak <robie.basak at ubuntu.com>
Sent: Tuesday, November 15, 2022 10:00 AM
To: Brad Turnbough <bturnbough at backlundinvestment.com>
Cc: ubuntu-devel-discuss at lists.ubuntu.com
Subject: Re: Tomcat9 - Ubuntu 20.04 x64

Hi,

On Mon, Nov 14, 2022 at 04:00:22PM +0000, Brad Turnbough wrote:
> Ran a Nessus scan against the box and am being told that version 9.0.31 is vulnerable to a DoS attack and that I need to upgrade to >=9.0.36.  Problem is, that version isn't available in the Ubuntu repos.
>
> Can someone look into getting this package updated in order to resolve this vulnerability?

Please see: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions

If after understanding that you still think the package is vulnerable, you need to identify a specific CVE.

Once you have that, you can search for the status of a specific CVE at https://ubuntu.com/security/cves.

Hope that helps,

Robie
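
Added example, not part of the original thread: a scanner that compares only the upstream version number cannot see fixes backported into a distribution package, so one way to check a specific CVE is to read the package changelog (for example the output of `apt changelog tomcat9`) and see whether the CVE is recorded at or below the installed version. The changelog text, version suffixes and CVE ids below are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in Debian changelog layout (newest entry first).
# Version suffixes and CVE ids are placeholders, not real tomcat9 data.
SAMPLE_CHANGELOG = """\
tomcat9 (9.0.31-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: placeholder issue C
    - CVE-0000-0003

 -- Example Maintainer <maint@example.com>  Thu, 01 Jan 1970 00:00:00 +0000

tomcat9 (9.0.31-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: placeholder issue B
    - CVE-0000-0002

 -- Example Maintainer <maint@example.com>  Thu, 01 Jan 1970 00:00:00 +0000

tomcat9 (9.0.31-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: placeholder issue A
    - CVE-0000-0001

 -- Example Maintainer <maint@example.com>  Thu, 01 Jan 1970 00:00:00 +0000
"""

HEADER = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)   # "pkg (version) ..."
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_changelog(text):
    """Return [(version, {CVE ids})] in file order, newest entry first."""
    heads = list(HEADER.finditer(text))
    bounds = [h.start() for h in heads[1:]] + [len(text)]
    return [(h.group(2), set(CVE_ID.findall(text[h.end():end])))
            for h, end in zip(heads, bounds)]

def cve_status(text, installed, cve):
    """Classify one CVE against the installed package version."""
    entries = parse_changelog(text)
    versions = [v for v, _ in entries]
    if installed not in versions:
        return "unknown-version"
    idx = versions.index(installed)
    hits = [pos for pos, (_, cves) in enumerate(entries) if cve in cves]
    if not hits:
        return "not-mentioned"      # check the distribution's CVE tracker
    # A mention at or below the installed entry means the fix is included.
    return "fixed" if max(hits) >= idx else "needs-upgrade"
```

A "not-mentioned" result is not proof either way; the status page at https://ubuntu.com/security/cves remains the reference for whether a CVE affects the package.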