On 27/03/2012 15:28, Geet Chandra wrote: > This is what I read, now in the solution tab, it says to remove the > examples folder,but we are shipping the tomcat with our product, can we > remove the example folder and ship with our product.If not, any other > workaround/solution.Stoplisted Vulnerabilities for this Host: 2 > Vulnerability12085Apache Tomcat Servlet / JSP Container Default FilesLow > Risk > DescriptionThis system is running an Apache Tomcat servlet/JSP container > with default files (such as documentation, default Servlets and JSPs) > installed. These files may help an attacker to guess the exact version of > the Apache Tomcat which is running on this host and may provide other > useful information. SolutionRemove default files, example JSPs and Servlets > from the Tomcat Servlet/JSP container. CategoryHosting or infrastructure > flaw.CVE ReferenceCVE-MAP-NOMATCHCVSS2 .0 (Low) > (AV:N/AC:L/Au:N/C:N/I:N/A:N)First > Found13 March 2011Port443/tcpLast 6 Months Stopped*By:* > joe.blo...@technicians.com *From:* 12 March 2003 *To:* 12 March 2014 > ReasonYour Company accepts the risk that this vulnerability poses.
So, rather than re-reading what appears to be the untrustworthy output of a non-human automated scanning tool, (whom you may not engage in conversation), why not re-read the thread you started and review the facts given to you by humans* who did engage you in conversation? Alternatively, consider the following: if a version of Tomcat set off at 1pm and was travelling at 82mph, and another version of Tomcat set off from a station 417 miles away at 9am and was travelling towards the first at 63mph, which version is vulnerable to a bug reported in 2002? p * well, mostly -- [key:62590808] --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
