I have installed the IPT on a Windows 2003 server (at http://science.uvu.edu:8080/ipt/). Recently, a security evaluation was made, and here are the medium-severity weaknesses found, all of which I think are attributable to Tomcat/Apache. What should I be doing to resolve these? I typically use automatic updates to keep things current, and don't normally install software that requires hands-on maintenance, so I'm unsure if an update of the Apache or Tomcat software might break the IPT app, or even if an update will fix the holes. I think the security certificate errors are Tomcat also, because I didn't install any in Windows, but I'm not certain.

#  PLUGIN NAME
2  SSL Certificate signed with an unknown Certificate Authority
2  SSL Certificate with Wrong Hostname
2  SSL Certificate Expiry
1  Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service
1  Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
1  Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS

Bruce Wilson Department of Chemistry | Mail Stop 179 | UVU | 800 W University Parkway, Orem UT 84058 (801)863-7138 | bruce.wilson@uvu.edu | http://science.uvu.edu/wilson