Tomcat9 - Ubuntu 20.04 x64

Thomas Ward teward at thomas-ward.net
Mon Nov 21 23:28:20 UTC 2022


FYI that's MOST vulnerability scanners.  Most of them do not have privileged access nor the database of Ubuntu patch info in them so report solely on the exposed version number and that's it.  It leads to a lot of false positives and then questions like these.  ;)






-------- Original message --------
From: Brad Turnbough <bturnbough at backlundinvestment.com>
Date: 11/21/22 16:15 (GMT-05:00)
To: Robie Basak <robie.basak at ubuntu.com>
Cc: ubuntu-devel-discuss at lists.ubuntu.com
Subject: RE: Tomcat9 - Ubuntu 20.04 x64

This is exactly what I was looking for.  The vulnerability was addressed in v9.0.31 of the package.  Nessus must look at the Apache Tomcat version and not take into consideration

Thanks for your very helpful info.  Much appreciated.




Thank you,

Brad Turnbough
Senior Technology Analyst


-----Original Message-----
From: Robie Basak <robie.basak at ubuntu.com>
Sent: Tuesday, November 15, 2022 10:00 AM
To: Brad Turnbough <bturnbough at backlundinvestment.com>
Cc: ubuntu-devel-discuss at lists.ubuntu.com
Subject: Re: Tomcat9 - Ubuntu 20.04 x64

Hi,

On Mon, Nov 14, 2022 at 04:00:22PM +0000, Brad Turnbough wrote:
> Ran a Nessus scan against the box and am being told that version 9.0.31 is vulnerable to a DoS attack and that I need to upgrade to >=9.0.36.  Problem is, that version isn't available in the Ubuntu repos.
>
> Can someone look into getting this package updated in order to resolve this vulnerability?

Please see: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions

If after understanding that you still think the package is vulnerable, you need to identify a specific CVE.

Once you have that, you can search for the status of a specific CVE at https://ubuntu.com/security/cves.

Hope that helps,

Robie