CVE-2016-6325

Fórum

Ahmet Erkoc, modificado 7 Anos atrás.

CVE-2016-6325

New Member Postagens: 3 Data de Entrada: 20/10/16 Postagens Recentes

Hi;

I didnt find a post about cve-2016-6325. It was about tomcat vuln. I have applications which are working on top of Liferay Portal Community Edition 6.1.1 CE GA2. How do I fix that vuln for my system.

Thank you.

Samuel Kong, modificado 7 Anos atrás.

RE: CVE-2016-6325

Liferay Legend Postagens: 1902 Data de Entrada: 10/03/08 Postagens Recentes

Hi Ahmet

As you noted, CVE-2016-6325 is a vulnerability in Tomcat. It is not a vulnerability in Liferay Portal. So you can check on Tomcat's website for a patch / instructions on how to handle this vulnerability.

Ahmet Erkoc, modificado 7 Anos atrás.

RE: CVE-2016-6325

New Member Postagens: 3 Data de Entrada: 20/10/16 Postagens Recentes

Samuel Kong:

Hi Ahmet

As you noted, CVE-2016-6325 is a vulnerability in Tomcat. It is not a vulnerability in Liferay Portal. So you can check on Tomcat's website for a patch / instructions on how to handle this vulnerability.

I thought that If I change something in tomcat or update this may broke application. Because my setup is bundle with tomcat. I will take a look. Thanks for quick reply.

David H Nebinger, modificado 7 Anos atrás.

RE: CVE-2016-6325

Liferay Legend Postagens: 14919 Data de Entrada: 02/09/06 Postagens Recentes

There are changes Liferay makes to a bundle that make it different than an OOTB release.

That said, if you have concerns I'd suggest using a tool like BeyondCompare to compare the directories and review all changes and selectively pull in the updated changes.