-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 6/25/15 8:32 AM, André Warnier wrote:
> Lynch, Charles [USA] wrote:
>> You are saying a malicious actor would need to be on the server
>> itself to load an application?
>>
>
> Basically yes, or be allowed to load and deploy applications
be informed, isn't it ?)
From: André Warnier [a...@ice-sa.com]
Sent: Thursday, June 25, 2015 8:32 AM
To: Tomcat Users List
Subject: Re: [External] Re: CVE-2014-7810 Mitigation
Lynch, Charles [USA] wrote:
You are saying a malicious actor would need to be o
] Re: CVE-2014-7810 Mitigation
Lynch, Charles [USA] wrote:
> You are saying a malicious actor would need to be on the server itself to
> load an application?
>
Basically yes, or be allowed to load and deploy applications via the Manager
application
(which is either not installed,
clear in the mail archive article I quoted below, which is signed by one of
the core Tomcat developers.
From: André Warnier [a...@ice-sa.com]
Sent: Thursday, June 25, 2015 7:55 AM
To: Tomcat Users List
Subject: [External] Re: CVE-2014-7810 Mitigation
Lynch
You are saying a malicious actor would need to be on the server itself to load
an application?
From: André Warnier [a...@ice-sa.com]
Sent: Thursday, June 25, 2015 7:55 AM
To: Tomcat Users List
Subject: [External] Re: CVE-2014-7810 Mitigation
Lynch, Charles [USA
