dm Server Known Vulnerabilities and Issues
Components of dm Server
SpringSource dm Server is built with the following components. Please see the security advisories information for each component for more information on the security vulnerabilities and issues that may affect that component.
| Component | Security advisories |
|---|---|
| Apache Tomcat 6 | Tomcat 6 security advisories |
| Spring Framework | Spring Framework security advisories |
dm Server is built using the following versions of these components
| dm Server version | Apache Tomcat version | Spring Framework version |
|---|---|---|
| 2.0.0.RELEASE | 6.0.20.S2-r5956 | 3.0.0.RELEASE |
| 1.0.2.SR02 | 6.0.18 | 2.5.6.A |
Note that CVE-2009-3548, a vulnerability in Apache Tomcat 6.0.20, does not affect dm Server since dm Server does not use the Windows installer provided with Tomcat.
Note that CVE-2009-3555, the SSL protocol MITM vulnerability, may be worked around via configuration. Details are provided on the Tomcat 6 security advisories page.
Known Vulnerabilities in dm Server
There are no known vulnerabilities in dm Server over and above those known to exist in the components of dm Server