[IPT] Security Exposures

Bruce Wilson bruce.wilson at uvu.edu
Wed Apr 20 17:41:01 CEST 2011

I have installed the IPT on a Windows 2003 server (at
http://science.uvu.edu:8080/ipt/). Recently, a security evaluation was made,
and here are the medium-severity weaknesses found, all of which I think are
attributable to Tomcat/Apache. What should I be doing to resolve these? I
typically use automatic updates to keep things current, and don't normally
install software that requires hands-on maintenance, so I'm unsure if an
update of the Apache or Tomcat software might break the IPT app. Or even if
an update will fix the holes. I think the security certificate errors are
Tomcat also, because I didn't install any in Windows, but I'm not certain.

2	SSL Certificate signed with an unknown Certificate Authority
2	SSL Certificate with Wrong Hostname
2	SSL Certificate Expiry
1	Apache Tomcat < 6.0.32 / 7.0.8 NIO Connector Denial of Service
1	Apache Tomcat 6.0.x < 6.0.30 Multiple Vulnerabilities
1	Apache Tomcat 6.x < 6.0.30 / 7.x < 7.0.5 Multiple XSS

Bruce Wilson
Department of Chemistry | Mail Stop 179 | UVU | 800 W University Parkway,
Orem UT 84058
(801)863-7138 | bruce.wilson at uvu.edu | http://science.uvu.edu/wilson
