A vulnerability, CVE-2017-5650, was discovered affecting several versions of Apache Tomcat. Upon review, we have never used the versions in question in our delivered installer packs. The production installation and evaluation packages use Apache Tomcat 8.0.33 and prior, depending on the age of your install.
To confirm that your install was completed with the installers, look under Windows Services for Dashboard Evaluation Server or Dashboard Server. If you do not see either of these on your dashboard server, you might have a base Tomcat installation. There are two different ways to determine the version of your Tomcat installation.
First:
In the Tomcat bin directory (..\Apache Software Foundation\Tomcat #.#\bin\version.bat), click on version.bat. If your Java home directory is set up, that should give you the version number. If not, use the second method.
Second:
Look in your Tomcat logs directory (..\Apache Software Foundation\Tomcat #.#\logs). You should see a log with stderr in the name (tomcat#-stderr.2017-##-##.log). If you open that log, you should be able to find the server version line, which looks like the following: Server version: Apache Tomcat/8.0.33.
Versions Affected:
- Apache Tomcat 9.0.0.M1 to 9.0.0.M18
- Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected
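The log check and the version ranges above can be combined in one script. The following Python is an added example, not part of the original article or the vendor's tooling: the sample log lines are constructed, and any version outside the ranges this page lists is reported as "not listed" rather than guessed.

```python
import re
import sys

# Matches the line written to the tomcat#-stderr log at startup.
VERSION_LINE = re.compile(r"Server version:\s+Apache Tomcat/([\w.]+)")
MILESTONE = re.compile(r"^9\.0\.0\.M(\d+)$")
RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")

# Constructed sample of a stderr log (not taken from a real server).
SAMPLE_LOG = """\
12-Apr-2017 09:00:01.100 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.11
12-Apr-2017 09:00:03.450 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 2310 ms
20-Apr-2017 18:30:12.007 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.13
"""

def find_version(log_text):
    """Return the version from the most recent startup in the log, or None."""
    found = VERSION_LINE.findall(log_text)
    # A log can span several restarts (and an upgrade); the last line wins.
    return found[-1].rstrip(".") if found else None

def classify(version):
    """Compare a version string with the ranges listed on this page."""
    m = MILESTONE.match(version)
    if m:  # 9.0.0.M1 to 9.0.0.M18 are listed as affected
        return "affected" if 1 <= int(m.group(1)) <= 18 else "not listed"
    m = RELEASE.match(version)
    if not m:
        return "not listed"
    major, minor, patch = map(int, m.groups())
    if (major, minor) == (8, 5):  # 8.5.0 to 8.5.12 affected, 8.5.13+ fixed
        return "affected" if patch <= 12 else "not affected"
    if (major, minor) <= (8, 0):  # 8.0.x and earlier are not affected
        return "not affected"
    return "not listed"

if __name__ == "__main__":
    # Pass the path to a stderr log, or run with no arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    version = find_version(text)
    print(version, "->", classify(version) if version else "no version line found")
```

A "not listed" result means the version falls outside what this article covers, so check the Apache Tomcat advisory for that release line.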
Mitigation:
Users of the affected versions should apply one of the following:
- Upgrade to Apache Tomcat 8.5.13 or later
For More Information: Apache Tomcat: Denial of Service (CVE-2017-5650)
Note: We currently support Apache Tomcat 8.5, 9.0, and 10.0.
Disclaimer: Technical Support Engineers are not Server Administrators or Security Experts with in-depth knowledge of servers and/or security issues and their quirks. We often learn these skills on the job and have limited knowledge. We do our best to help you with your software in determining whether you are not leveraging the software in the best way for your data or you have found a bug in the software, because we want to assist you in your success.
If you have any questions or the above does not resolve the issue, please contact Dashboard Support for further assistance.