[IPT] Security Exposures
Bruce Wilson
bruce.wilson at uvu.edu
Wed Apr 20 17:41:01 CEST 2011
I have installed the IPT on a Windows 2003 server (at
http://science.uvu.edu:8080/ipt/). Recently, a security evaluation was made,
and here are the medium-severity weaknesses found, all of which I think are
attributable to Tomcat/Apache. What should I be doing to resolve these? I
typically use automatic updates to keep things current, and don't normally
install software that requires hands-on maintenance, so I'm unsure if an
update of the Apache or Tomcat software might break the IPT app. Or even if
an update will fix the holes. I think the security certificate errors are
Tomcat also, because I didn't install any in Windows, but I'm not certain.

#  PLUGIN NAME
2  SSL Certificate signed with an unknown Certificate Authority
2  SSL Certificate with Wrong Hostname
2  SSL Certificate Expiry
1  Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service
1  Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
1  Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS

Bruce Wilson
Department of Chemistry | Mail Stop 179 | UVU | 800 W University Parkway,
Orem UT 84058
(801)863-7138 | bruce.wilson at uvu.edu | http://science.uvu.edu/wilson