This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2009-12-22 03:59 PM

Envision 4 --- Vulnerability in Apache Tomcat

We recently discovered a critical vulnerability in our Envision 4.0 system.  After running a vulnerability assessment against our Envision 4.0 system we discovered that it is running Apache Tomcat 5.5.26 which has several vulnerabilities which are rated as critical / non PCI compliant.  RSA support is aware of the problem but is not expecting to have a patch released until sometime in Q2 of 2010. 

 

Has anyone else seen this? 

Any suggestions or work arounds would be appreciated.

0 Likes
Reply
4 Replies
RSAAdmin
Beginner
Beginner
‎2010-01-14 11:34 AM

What audit tool discovered it? 
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2010-11-30 05:45 PM

We use Saint Scans which outlined the same issue with Apache.

 

Any more news about SP4 being released?

0 Likes
Reply
DavidBruskin
Beginner
Beginner
In response to RSAAdmin
‎2010-12-01 11:41 PM

Service Pack's have been fixing this kind of stuff. It is known... Make sure you open a ticket with support so it can be tracked.

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to DavidBruskin
‎2010-12-04 08:09 AM

What are the specific vulnerabilities and are there mitigation steps apart from waiting for the SP?

What are the specific vulnerabilities and are there mitigation steps apart from waiting for the SP?

 

 

David

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.