Tomcat's vulnerability CVE-2023-44487
Issue
- Is DXP 7.4 affected by Tomcat's Rapid Reset CVE-2023-44487?
Resolution
- If you are not using Tomcat with DXP, then you are not affected by “Tomcat's Rapid Reset CVE-2023-44487”.
- If you are running Tomcat 9.0.81 or above, then you are not affected by “Tomcat's Rapid Reset CVE-2023-44487”.
- If you have not configured Tomcat to use HTTP/2, then you are not affected by “Tomcat's Rapid Reset CVE-2023-44487”.
- DXP is affected by CVE-2023-44487; it does include third-party libraries that are vulnerable to CVE-2023-44487.
- Finally, “Tomcat's Rapid Reset CVE-2023-44487” is a vulnerability in Tomcat and not a vulnerability in DXP.
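One way to check the Tomcat version and HTTP/2 conditions above against a real installation, as an added example (not Liferay's or Tomcat's own tooling). It parses `server.xml` as XML rather than searching it as text, so an HTTP/2 connector that is only present inside a comment is not counted. The sample `server.xml`, the function names and the status strings are constructed for illustration; the version string is assumed to come from Tomcat's own version output.

```python
import re
import xml.etree.ElementTree as ET

HTTP2_CLASS = "org.apache.coyote.http2.Http2Protocol"
FIXED_9_0 = (9, 0, 81)  # fixed release stated on this page

# Constructed sample server.xml: one commented-out HTTP/2 connector and one
# active connector with HTTP/2 enabled.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>
    -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>
  </Service>
</Server>"""

def http2_connector_ports(server_xml):
    """Ports of active Connectors that enable HTTP/2 (XML comments are ignored)."""
    root = ET.fromstring(server_xml)
    return [c.get("port") for c in root.iter("Connector")
            if any(u.get("className") == HTTP2_CLASS for u in c.findall("UpgradeProtocol"))]

def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Apache Tomcat/9.0.80'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(g) for g in m.groups())

def assess(version_text, server_xml):
    """Apply the page's Tomcat conditions; returns (status, http2_ports)."""
    ports = http2_connector_ports(server_xml)
    version = parse_version(version_text)
    if not ports:
        return "not affected: HTTP/2 not configured", ports
    if version[:2] != (9, 0):
        return "unknown: page only states the 9.0.x fixed release", ports
    if version >= FIXED_9_0:
        return "not affected: Tomcat 9.0.81 or above", ports
    return "affected: upgrade Tomcat or disable HTTP/2", ports

if __name__ == "__main__":
    print(assess("Apache Tomcat/9.0.80", SAMPLE_SERVER_XML))
```

To use it on a live system, pass the contents of the installation's `conf/server.xml` and the version line reported by Tomcat in place of the constructed sample values.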