VMware Cloud Community
stratolynne
Contributor

Vulnerabilities in Apache httpd and Tomcat

Anyone else seen this (or dealing with this)?

There are vulnerabilities in Apache httpd and Tomcat. I was wondering what others are doing to address this situation. I have a call in to VMware at the moment.

Thanks.

3 Replies
Texiwill
Leadership

Hello,

There are a number of vulnerabilities that have been addressed already. Can you list the CVEs or whatever you used to determine there are issues? That would help quite a bit in how to address them.

In general, you need a fix from VMware or may need to change the configuration file by hand... One such change is to remove the ability to steal VMDKs without login... There is a KB article and the vSphere Hardening Guide has a solution for this as well.

Best regards,

Edward L. Haletky

Communities Moderator, VMware vExpert,

Author: VMware vSphere and Virtual Infrastructure Security, VMware ESX and ESXi in the Enterprise 2nd Edition

Podcast: The Virtualization Security Podcast Resources: The Virtualization Bookshelf

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
TrooperX
Enthusiast

I am currently hardening our vSphere 4.1 infrastructure. The Alert Logic scans indicate that Tomcat needs to be updated. Is there a certain procedure available to do this for the vCenter server?

Thanks in advance

Texiwill
Leadership

Hello,

For vCenter, you need to upgrade your vCenter instance from the VMware ISO, installation exe, just like you would for any other software, if such a patch exists. If you have the absolute latest vCenter, then all patches are included in general. However, there could be some one-off patches that are located at www.vmware.com/security

Good luck!

Best regards,

Edward L. Haletky
