Apache Tomcat Vulnerabilities

Question asked by Chris_Armstrong on Sep 21, 2017
Looks like there are a couple of Apache Tomcat vulnerabilities that may affect UIM and UMP, up to version 8.51.  On the us-gov.cert site, it states:


The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. 

US-CERT encourages users and administrators to review the Apache advisories for CVE-2017-12615 and CVE-2017-12616 for more information and apply the necessary updates.

Are UMP and/or UIM affected by these? Versions 8.47 and 8.51, per the release notes, have a 3rd party agreement with Tomcat versions 4.1.31 and 7.0.69. The recommended fix is to upgrade to Apache Tomcat 7.0.81.