Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cft-dev] FW: Tomcat-embed and Tomcat Vulnerabilities
  • From: David Alejandro Christensen Arreola <David.Christensen@xxxxxxx>
  • Date: Mon, 28 Nov 2022 21:16:13 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=hcl.com; dmarc=pass action=none header.from=hcl.com; dkim=pass header.d=hcl.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zzMOVcbDUyE9/CwIl8UW21MILAfOFeZX/kcr7jUJxuk=; b=GEx/AVMefNXxRh7QsiaScTWO/3rNJtCXT3iETesm3fsnSzoKYGsu7B0Xi3hghjw2L52kx3vwZoxCai8tEuNeO63abtqJpcIzpWsV7HnKefwZf/X3xvBLNEeQrf0CmiT4LVcqLXeVUlJTVzNTBDtMhW0fM/Ms5SpZtKp5acVpE0cc3oLPzf9kDHqhkU7jpa0R7ikinYMWskxwMyC/3+sVjLebye0AEsrXd3pmt233zkxjF5bV8Uwubc035x2NQrFpr/kdCFCwoHkc5wQadUBkhP3jdOZHdFKbK3745z7Dm5caR3f7g3OEYPuaA4psBgiGZnzQ9o45gjksehzO2NBelw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eKIwR3AnmxkCSt/a7OiHOrpeooHyTQMkPlqP9nOVbFWT5mPkoIs2yXBxQnR3gmwQm23eqdHgXOqU80//Mbs9+uJ7WkbU3evKhQ3XmeOe4m64PbiODsnCQ/iSxkB26mb4Bs+qYeNr0po4UDgJgksCYQ8I/TBZg0oLpBnIcMVU5QfZ3gIlkpu7CzP6+pIS6ilaouyDmLNdxXzn3AB01rjyzIzNIufcOf8CrZsTrQq7dNBTCiOBC8a5iswl7pbIem1mdaA+bgNTLh84unm0x+otboPIATeRtwrWXDMqqg2cUj3wq5yGGzwOAjRxmEDDuEcSYyGH75yCU5vx2MQ9BJi36Q==
  • Delivered-to: cft-dev@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/cft-dev/>
  • List-help: <mailto:cft-dev-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/cft-dev>, <mailto:cft-dev-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/cft-dev>, <mailto:cft-dev-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHY+hGnttu4CTTKe0iMT7S9WFFYH65C5hkAgBH3Wg4=
  • Thread-topic: Tomcat-embed and Tomcat Vulnerabilities

Hi Dev,

 

Regarding tomcat-embed, JAR’s were found under

configuration/org.eclipse.osgi/1218/0/.cp/lib/tomcat-embed-core-8.0.33.jar

and the user plugin is org.eclipse.cft.server.core.

 

I'd like to know if my Eclipse instance would be affected by the vulnerabilities recorded by tomcat.apache.org

https://tomcat.apache.org/security-9.html

given that tomcat-embed could has the Tomcat Server vulnerabilities.

In negative case, is there any reasoning?

 

Thank you

David

 

From: Mark Thomas <markt@xxxxxxxxxx>
Date: Thursday, 17 November 2022, 4:12
To: users@xxxxxxxxxxxxxxxxx <users@xxxxxxxxxxxxxxxxx>
Subject: Re: Tomcat-embed and Tomcat Vulnerabilities

[CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.]

On 16/11/2022 23:45, David Alejandro Christensen Arreola wrote:
> Hi Users,
>
> My question is about whether a vulnerability applies to my particular application. My application is using tomcat-embed.
>
> Being tomcat-embed derived from Tomcat server, could tomcat-embed has the vulnerabilities that Tomcat server has?

Yes.

> In affirmative case, is disclosure of vulnerability going to mention tomcat-embed or Tomcat Server only when applicable?

No. Vulnerabilities apply to all configurations unless the vulnerability
description explicitly states otherwise.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxxx

::DISCLAIMER::
The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects.

Back to the top