Common Vulnerabilities & Exposures (CVE) Survival Guide

In 2 years Tomitribe support has patched over 80 CVEs on Apache Tomcat, TomEE & ActiveMQ.

Our teams work together to make surviving the frequency of CVEs possible.

CVEs are not black and white. Knowledge of both the app and server is required to truly determine risk and appropriate reaction.

POWERED BY

Sonatype Nexus Lifecycle

Sonatype & Tomitribe:  Working Together

Read our Case Study

Vulnerability Playbook

Scan

365 days a year we automatically scan your exact versions of Tomcat, TomEE or ActiveMQ

Discover

Vulnerabilities receive immediate attention from our support team

Notify

Support tickets are created on your behalf in our portal

Assess

We work collaboratively to help determine if your application is affected

React

Backed by our support team, you react appropriately & own risk confidently

Patch

The Tomitribe Support team immediately begins work on a patch for your version

Rollout

New binaries are posted to your open ticket and can be rolled out immediately

Open Source

Patches are contributed back to the community for any active branches still under development

Keeping up to date?

Check if you are using an affected version of Apache Tomcat or Apache TomEE & get a patch.

CVEs
Severity
CVE-2020-1938 - AJP / Ghostcat
HIGH 9.8
Versions Affected
CVE-2020-1935 - HTTP Request Smuggling - incorrect header parsing
MEDIUM 4.8
Versions Affected
CVE-2019-17569 - HTTP Request Smuggling - incorrect transfer-encoding handling
MEDIUM 4.8
Versions Affected
CVE-2019-17563 - Session Fixation
HIGH 7.5
Versions Affected
CVE-2019-12418 - JMX Remote Lifecycle Listener
HIGH 7.5
Versions Affected
Scanned for Vulnerabilities lately?   

Contact us & see how we can help. 


* These fields are required.