Jamf Nation Community

jarradyuhas · ‎10-31-2017

Our Information Security Office has informed us that we need up update our server's Tomcat version to 8.0.47 or higher to mitigate CVE-2017-12617. How do we go about updating the Apache version that comes with JAMF Pro 9.101.0 to 8.0.47 or higher on a Windows 2012 server?

rderewianko · ‎10-31-2017

That CVE talks about if the default servlet is configured with the parameter readonly set to false or the WebDAV servlet is enabled with the parameter readonly set to false.

Both these values in the JSS are unset by default. Which means unless you've changed it you're not vulnerable
https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html

jarradyuhas · ‎11-01-2017

Thanks Ross!

Jamf Nation Community

Tomcat updates