Help

Tomcat updates

jarradyuhas
Contributor

Posted on ‎10-31-2017 12:06 PM

Our Information Security Office has informed us that we need up update our server's Tomcat version to 8.0.47 or higher to mitigate CVE-2017-12617. How do we go about updating the Apache version that comes with JAMF Pro 9.101.0 to 8.0.47 or higher on a Windows 2012 server?

Labels:
0 Kudos
2 REPLIES 2

rderewianko
Valued Contributor II

Posted on ‎10-31-2017 12:56 PM

That CVE talks about if the default servlet is configured with the parameter readonly set to false or the WebDAV servlet is enabled with the parameter readonly set to false.

Both these values in the JSS are unset by default. Which means unless you've changed it you're not vulnerable
https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html

jarradyuhas
Contributor

Posted on ‎11-01-2017 05:28 AM

Thanks Ross!