Bigtop
  1. Bigtop
  2. BIGTOP-816 Bigtop 0.6.0 release
  3. BIGTOP-812

HttpFS is using Tomcat 6.0.32 which has numerous vulnerabilities

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.4.0
    • Fix Version/s: 0.6.0
    • Component/s: None
    • Labels:
      None

      Description

      Apache Tomcat DIGEST Vulnerabilities Medium CVE-2011-5064 5.0 Fail
      Apache Tomcat DIGEST Vulnerabilities Medium CVE-2011-5063 5.0 Fail
      Apache Tomcat DIGEST Vulnerabilities Medium CVE-2011-1184 5.0 Fail
      Apache Tomcat DIGEST Vulnerabilities Medium CVE-2011-5062 5.0 Fail

      Apache Tomcat Multiple Vulnerabilities (201108) Medium CVE-2011-2204 5.0 Fail
      Apache Tomcat Multiple Vulnerabilities (201108) Medium CVE-2011-2526 5.0 Fail
      Apache Tomcat Multiple Vulnerabilities (201108) Medium CVE-2011-2481 5.0 Fail
      Apache Tomcat Multiple Vulnerabilities (201108) Medium CVE-2011-2729 5.0 Fail

      Apache Tomcat Request Object Information Disclosure (20111001) Medium CVE-2011-3375 5.0 Fail

      All of these have been fixed in subsequent release of Tomcat.
      http://tomcat.apache.org/security-6.html

        Activity

        Jeff Lord created issue -
        Jeff Lord made changes -
        Field Original Value New Value
        Project Hadoop HDFS [ 12310942 ] Bigtop [ 12311420 ]
        Key HDFS-4323 BIGTOP-812
        Workflow no-reopen-closed, patch-avail [ 12742932 ] patch-available, re-open possible [ 12742935 ]
        Affects Version/s 0.4.0 [ 12318889 ]
        Affects Version/s 2.0.2-alpha [ 12322472 ]
        Alejandro Abdelnur made changes -
        Assignee Alejandro Abdelnur [ tucu00 ]
        Alejandro Abdelnur made changes -
        Assignee Alejandro Abdelnur [ tucu00 ]
        Roman Shaposhnik made changes -
        Issue Type Bug [ 1 ] Sub-task [ 7 ]
        Parent BIGTOP-816 [ 12625123 ]
        Hide
        Roman Shaposhnik added a comment -

        Tomcat is now 6.0.36

        Show
        Roman Shaposhnik added a comment - Tomcat is now 6.0.36
        Roman Shaposhnik made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Roman Shaposhnik [ rvs ]
        Fix Version/s 0.6.0 [ 12323895 ]
        Resolution Fixed [ 1 ]
        Roman Shaposhnik made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        96d 20h 6m 1 Roman Shaposhnik 25/Mar/13 15:47
        Resolved Resolved Closed Closed
        88d 8h 2m 1 Roman Shaposhnik 22/Jun/13 00:49

          People

          • Assignee:
            Roman Shaposhnik
            Reporter:
            Jeff Lord
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development