<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div dir="auto">
<div dir="auto">FYI that's MOST vulnerability scanners. Most of them do not have privileged access nor the database of Ubuntu patch info in them, so they report solely on the exposed version number and that's it. It leads to a lot of false positives and then questions
like these. ;)</div>
<div dir="auto"><br>
</div>
<div>-------- Original message --------</div>
<div>From: Brad Turnbough &lt;bturnbough@backlundinvestment.com&gt; </div>
<div>Date: 11/21/22 16:15 (GMT-05:00) </div>
<div>To: Robie Basak &lt;robie.basak@ubuntu.com&gt; </div>
<div>Cc: ubuntu-devel-discuss@lists.ubuntu.com </div>
<div>Subject: RE: Tomcat9 - Ubuntu 20.04 x64 </div>
<div><br>
</div>
</div>
<font size="2"><span style="font-size:11pt;">
<div class="PlainText">This is exactly what I was looking for. The vulnerability was addressed in v9.0.31 of the package. Nessus must look at the apache tomcat version and not take into consideration<br>
<br>
Thanks for your very helpful info. Much appreciated.<br>
<br>
<br>
<br>
<br>
Thank you,<br>
<br>
Brad Turnbough<br>
Senior Technology Analyst<br>
<br>
P: 309.272.2739 F: 309.272.2839<br>
<br>
<a href="http://www.betterbanks.com">www.betterbanks.com</a><br>
<a href="http://www.glasfordbank.com">www.glasfordbank.com</a><br>
<br>
<br>
<br>
<a href="http://www.statestreetbank.com">www.statestreetbank.com</a><br>
<br>
-----Original Message-----<br>
From: Robie Basak &lt;robie.basak@ubuntu.com&gt;<br>
Sent: Tuesday, November 15, 2022 10:00 AM<br>
To: Brad Turnbough &lt;bturnbough@backlundinvestment.com&gt;<br>
Cc: ubuntu-devel-discuss@lists.ubuntu.com<br>
Subject: Re: Tomcat9 - Ubuntu 20.04 x64<br>
<br>
Hi,<br>
<br>
On Mon, Nov 14, 2022 at 04:00:22PM +0000, Brad Turnbough wrote:<br>
> Ran a Nessus scan against the box and am being told that version 9.0.31 is vulnerable to a DoS attack and that I need to upgrade to >=9.0.36. Problem is, that version isn't available in the Ubuntu repos.<br>
><br>
> Can someone look into getting this package updated in order to resolve this vulnerability?<br>
<br>
Please see: <a href="https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions">https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions</a><br>
<br>
If after understanding that you still think the package is vulnerable, you need to identify a specific CVE.<br>
<br>
Once you have that, you can search for the status of a specific CVE at <a href="https://ubuntu.com/security/cves">
https://ubuntu.com/security/cves</a>.<br>
<br>
Hope that helps,<br>
<br>
Robie<br>
</div>
</span></font>
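<div>Added example, not part of the original thread: a Python sketch of the triage discussed above, which compares the installed package version against the distro's fixed version using dpkg ordering instead of judging by the upstream version a scanner sees. The function names and the "+example" revision strings are constructed for illustration; the real fixed version comes from the specific CVE's entry at https://ubuntu.com/security/cves.</div>
<pre>
```python
import re

def _order(ch):
    """dpkg sort weight: '~' before end-of-string (''), letters before other symbols."""
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings the way dpkg does; returns -1, 0 or 1."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x, y = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if x != y:
                return (x > y) - (y > x)
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        x, y = int(da or 0), int(db or 0)
        if x != y:
            return (x > y) - (y > x)
    return 0

def split_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def dpkg_compare(a, b):
    """Full package version comparison: epoch, then upstream, then revision."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    return (ea > eb) - (eb > ea) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(installed, distro_fixed, scanner_wants):
    """installed/distro_fixed: package versions; scanner_wants: upstream version demanded."""
    banner_flagged = _cmp_part(scanner_wants, split_version(installed)[1]) > 0
    patched = dpkg_compare(installed, distro_fixed) >= 0
    if patched:
        return "false positive: fix backported" if banner_flagged else "not affected"
    return "vulnerable: install the distro security update"

# Constructed sample values; the real fixed version comes from the CVE's tracker page.
print(triage("9.0.31-1+example2", "9.0.31-1+example1", "9.0.36"))
```
</pre>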
</body>
</html>