[Info-vax] Planning for Upgrades, Migrations, and Vulnerabilities
Arne Vajhøj
arne at vajhoej.dk
Mon Apr 15 19:31:48 EDT 2019
On 4/15/2019 12:07 PM, Stephen Hoffman wrote:
> BTW, there's another Tomcat exploit active, if you're not writing all of
> your own web server. This one targeting Apache Tomcat on Windows.
> CVE-2019-0232
For those vulnerable it is very bad.
Good thing is that it is relative few. Not that many run production
Tomcat on Windows and very few enable CGI scripts in Tomcat - in fact
I have never heard of anybody doing so - but there must be some
otherwise the feature would not be there.
Arne
More information about the Info-vax
mailing list