Tomcat 6 and Java
Our Information Security team has brought forward a few concerns and would like to know what are Manage Engines plans to address the following:
- Tomcat 6
- End Of Life 12/31/2016 (http://tomcat.apache.org/tomcat-60-eol.html)
- Numerous high-severity vulnerabilities publicly documented.
- High — Java 1.7.0_55
- Limited Encryption Algorithm Selection in Java 7 especially when considering forward compatibility
- End of Life September 2017 (http://www.oracle.com/technetwork/java/eol-135779.html#Java6-end-public-updates).
- All versions of Java 1.7, including the final update (7u80), have high and critical vulnerabilities. If possible, the latest version of Java 8 must be used.
Thank you,
Topic Participants
Oscar N Fuentes
ADSelfService Plus