Apache / Tomcat 5.5.20 Vulnerabilities - BO 3.1 sp5

Hello Bobbers,

I have been informed that my Apache / Tomcat 5.5.20 used in my BO installation has the following issues. I am running on Windows servers 3.1 sp5.

Apache Tomcat JavaDoc Spoofing Vulnerability (Non-Kernel, Web server)
Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability (Non-Kernel, Web server)

I need to resolve these and am not sure of the best approach / how others have done it. I’ve had a look on the Apache / site and it’s not clear if I can just apply v5 patches to resolve the issues or if I need to do an upgrade to v6 Apache / Tomcat. Has anyone else addressed the same vulnerabilities, and if so did they patch it or upgrade?

I’m confused further as I also have BO 4.1 using Apache / Tomcat 7.0.32 and this was also flagged as having different vulnerabilities. Reading the SAP site it looks like 3.1 won’t work with anything higher than Apache / Tomcat 7.0, so possibly I can’t resolve the issues I have on my 3.1 installs without doing a major upgrade to v4?

By the way, I was informed I need to fix it all by Monday next week :hb: so if anyone has a time machine they can lend me please let me know :lol:


Staple123 :uk: (BOB member since 2014-08-13)

I would ask SAP support for the fix.


KFonMurphi :fr: (BOB member since 2007-10-16)

I remember having this issue and we repaired it by using a BO service pack.
I believe BO 3.1 SP6 is the one that will upgrade the Tomcat engine as part of the service pack installation.


nsimino (BOB member since 2011-07-21)