tc Server Known Vulnerabilities and Issues
Components of tc Server
SpringSource tc Server is built with the following components. Please see the security advisories information for each component for more information on the security vulnerabilities and issues that may affect that component.
| Component | Security advisories |
|---|---|
| Apache Tomcat 6 | Tomcat 6 security advisories |
| AMS | AMS security advisories |
tc Server is built using the following versions of these components
| tc Server version | Apache Tomcat version | AMS version |
|---|---|---|
| 6.0.19.A | 6.0.19 | 2.0.0 |
| 6.0.20.A | 6.0.20 | 2.0.0 |
| 6.0.20.A-SR1 | 6.0.20 | 2.0.0.SR2 |
| 6.0.20.B | 6.0.20 | 2.0.0.SR2 |
| 6.0.20.C | 6.0.20 | 2.0.0.SR4 |
Note that CVE-2009-3548, a vulnerability in Apache Tomcat 6.0.20, does not affect tc Server since tc Server does not use the Windows installer provided with Tomcat.
Note that CVE-2009-3555, the SSL protocol MITM vulnerability, may be worked around via configuration. Details are provided on the Tomcat 6 security advisories page.
Known Vulnerabilities in tc Server
There are no known vulnerabilities in tc Server over and above those known to exist in the components of tc Server