RSA Admin

Envision 4 --- Vulnerability in Apache Tomcat

Discussion created by RSA Admin Employee on Dec 22, 2009
Latest reply on Dec 4, 2010 by RSA Admin

We recently discovered a critical vulnerability in our Envision 4.0 system.  After running a vulnerability assessment against our Envision 4.0 system we discovered that it is running Apache Tomcat 5.5.26 which has several vulnerabilities which are rated as critical / non PCI compliant.  RSA support is aware of the problem but is not expecting to have a patch released until sometime in Q2 of 2010. 

 

Has anyone else seen this? 

Any suggestions or work arounds would be appreciated.

Outcomes