Hello all,

A new CVE for Tomcat. While its severity is graded as "Low", please act on it by removing the examples web application that comes with a typical Tomcat installation (i.e., $TOMCAT_HOME/webapps/examples) if you haven't already done so. We encourage everyone to remove all unused web applications that come with a default Tomcat installation for this reason.

CVE-2022-34305 Apache Tomcat - XSS in examples web application

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.1.0-M1 to 10.1.0-M16
Apache Tomcat 10.0.0-M1 to 10.0.22
Apache Tomcat 9.0.30 to 9.0.64
Apache Tomcat 8.5.50 to 8.5.81

Description:
The Form authentication example in the examples web application displayed user provided data without filtering, exposing an XSS vulnerability.

Mitigation:
Users of the affected versions should apply one of the following mitigations:
- Remove the examples web application as documented in the Tomcat security guide
- Upgrade to Apache Tomcat 10.1.0-M17 or later once released
- Upgrade to Apache Tomcat 10.0.23 or later once released
- Upgrade to Apache Tomcat 9.0.65 or later once released
- Upgrade to Apache Tomcat 8.5.82 or later once released

History:
2022-06-23 Original advisory

References:
[1] https://tomcat.apache.org/security-10.html
[2] https://tomcat.apache.org/security-9.html
[3] https://tomcat.apache.org/security-8.html
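
An added example, not part of the original message or of Tomcat itself: a small Python check that applies the advisory's affected ranges to a version string and looks for the examples application under a Tomcat home directory. The function names, and supplying the version by hand as an argument, are assumptions of this sketch.

```python
import re
from pathlib import Path

# Affected ranges as listed in the advisory above (both ends inclusive).
AFFECTED = [
    ("10.1.0-M1", "10.1.0-M16"),
    ("10.0.0-M1", "10.0.22"),
    ("9.0.30", "9.0.64"),
    ("8.5.50", "8.5.81"),
]

def parse_version(text):
    """Turn '9.0.64' or '10.1.0-M16' into a sortable tuple.
    Milestones (-Mn) sort before the final release of the same x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    final = 0 if milestone else 1
    return (int(major), int(minor), int(patch), final, int(milestone or 0))

def version_affected(version):
    """True if the version falls inside any range from the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def examples_deployed(tomcat_home):
    """True if the examples application directory is present."""
    return (Path(tomcat_home) / "webapps" / "examples").is_dir()

def assess(tomcat_home, version):
    """Combine both checks into a one-line finding for this CVE."""
    deployed = examples_deployed(tomcat_home)
    if deployed and version_affected(version):
        return "EXPOSED: remove webapps/examples or upgrade"
    if deployed:
        return "NOT AFFECTED by this CVE, but the examples app is still deployed"
    return "OK: examples app not deployed"

if __name__ == "__main__":
    import sys
    # Usage (assumed): script.py <tomcat home> <version>, e.g. /opt/tomcat 9.0.64
    print(assess(sys.argv[1], sys.argv[2]))
```
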