[thredds] Tomcat Ghostcat Vulnerability

I am surprised this hasn't hit this list already:

"Ghostcat" is a new security vulnerability in Tomcat's AJP Connector that 
potentially allows attackers to take over the server. You can read more about 
the problem at
        • https://www.bleepingcomputer.com/news/security/active-scans-for-apache-tomcat-ghostcat-vulnerability-detected-patch-now/
        • https://www.esri.com/arcgis-blog/products/arcgis-online/administration/dont-get-bitten-by-ghostcat-tomcat-vulnerability/
        • https://securityboulevard.com/2020/02/patch-your-tomcat-and-jboss-instances-to-protect-from-ghostcat-vulnerability-cve-2020-1938-and/
        • https://nvd.nist.gov/vuln/detail/CVE-2020-1938

Updates are available for the recent versions of Tomcat to fix this.  We have 
updated 2 TDS to Tomcat 8: 8.5.51 with no issues that I can see, but then again 
we aren't using AJP.

-Roy

**********************
"The contents of this message do not reflect any position of the U.S. 
Government or NOAA."
**********************
Roy Mendelssohn
Supervisory Operations Research Analyst
NOAA/NMFS
Environmental Research Division
Southwest Fisheries Science Center
***Note new street address***
110 McAllister Way
Santa Cruz, CA 95060
Phone: (831)-420-3666
Fax: (831) 420-3980
e-mail: Roy.Mendelssohn@xxxxxxxx www: https://www.pfeg.noaa.gov/

"Old age and treachery will overcome youth and skill."
"From those who have been given much, much will be expected" 
"the arc of the moral universe is long, but it bends toward justice" -MLK Jr.

