Our Information Security Office has informed us that we need up update our server's Tomcat version to 8.0.47 or higher to mitigate CVE-2017-12617. How do we go about updating the Apache version that comes with JAMF Pro 9.101.0 to 8.0.47 or higher on a Windows 2012 server?
Question
Tomcat updates
+8
+18That CVE talks about if the default servlet is configured with the parameter readonly set to false or the WebDAV servlet is enabled with the parameter readonly set to false.
Both these values in the JSS are unset by default. Which means unless you've changed it you're not vulnerable
https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.