The GlobalSign SSO 7.7.0 release notes have been updated. Customers using SSO versions 7.7.0, 7.6.0, 7.5.0, 7.4.0 or 7.3.3 are advised to mitigate the vulnerability risk by reconfiguring network proxy settings as described in the following CVE notification.

    VULNERABILITY IN TOMCAT

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
  • The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
  • SSO 8.0, to be released by the end of November 2016, will contain a Tomcat version that does not have this vulnerability.
  • Until the new version is released, a workaround is described in the release notes.
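
To check whether a given Tomcat build falls inside the affected ranges quoted in the CVE text above, the following added example (not GlobalSign or Apache code) compares a version string against the first fixed release of each branch. The function names and the sample version strings in the test are constructed for illustration.

```python
import re

# First fixed Tomcat release per branch, taken from the CVE-2016-3092 text above.
FIRST_FIXED = {
    (7, 0): "7.0.70",
    (8, 0): "8.0.36",
    (8, 5): "8.5.3",
    (9, 0): "9.0.0.M7",
}

# Matches "7.0.69" as well as milestone builds such as "9.0.0.M6".
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]?M(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn a Tomcat version string into a tuple that sorts correctly."""
    # Accept a banner such as "Apache Tomcat/7.0.69" by keeping the part after "/".
    candidate = text.strip().rsplit("/", 1)[-1]
    match = _VERSION.match(candidate)
    if match is None:
        raise ValueError("unrecognised Tomcat version: %r" % text)
    major, minor, patch = (int(match.group(i)) for i in (1, 2, 3))
    # A milestone build sorts before the final release with the same number,
    # so a final release gets an infinite milestone index.
    milestone = int(match.group(4)) if match.group(4) else float("inf")
    return (major, minor, patch, milestone)


def tomcat_status(version_text):
    """Return 'affected', 'fixed' or 'not listed' for CVE-2016-3092."""
    version = parse_version(version_text)
    first_fixed = FIRST_FIXED.get(version[:2])
    if first_fixed is None:
        # Branch is not named in the CVE text; no conclusion is drawn here.
        return "not listed"
    return "affected" if version < parse_version(first_fixed) else "fixed"
```

This only evaluates the Tomcat version. The CVE also names Apache Commons FileUpload before 1.3.2 and other products, so a web application that ships its own copy of that library has to be checked separately.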