CVE-2016-6325

Message Boards

Ahmet Erkoc, modified 7 Years ago.

CVE-2016-6325

New Member Posts: 3 Join Date: 10/20/16 Recent Posts

Hi;

I didnt find a post about cve-2016-6325. It was about tomcat vuln. I have applications which are working on top of Liferay Portal Community Edition 6.1.1 CE GA2. How do I fix that vuln for my system.

Thank you.

Samuel Kong, modified 7 Years ago.

RE: CVE-2016-6325

Liferay Legend Posts: 1902 Join Date: 3/10/08 Recent Posts

Hi Ahmet

As you noted, CVE-2016-6325 is a vulnerability in Tomcat. It is not a vulnerability in Liferay Portal. So you can check on Tomcat's website for a patch / instructions on how to handle this vulnerability.

Ahmet Erkoc, modified 7 Years ago.

RE: CVE-2016-6325

New Member Posts: 3 Join Date: 10/20/16 Recent Posts

Samuel Kong:

Hi Ahmet

As you noted, CVE-2016-6325 is a vulnerability in Tomcat. It is not a vulnerability in Liferay Portal. So you can check on Tomcat's website for a patch / instructions on how to handle this vulnerability.

I thought that If I change something in tomcat or update this may broke application. Because my setup is bundle with tomcat. I will take a look. Thanks for quick reply.

David H Nebinger, modified 7 Years ago.

RE: CVE-2016-6325

Liferay Legend Posts: 14917 Join Date: 9/2/06 Recent Posts

There are changes Liferay makes to a bundle that make it different than an OOTB release.

That said, if you have concerns I'd suggest using a tool like BeyondCompare to compare the directories and review all changes and selectively pull in the updated changes.