bject: [External] Re: Question regarding mitigating the CVE-2017-12617
vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 2/13/19 13:35, Adams, Michael wrote:
> I currently am running Apache Tomcat 8.5.13.0 on Windows Server
> 2012 R2 servers to support a NCR A
ation.
I'm curious what tests Tripwire is performing to determine that this
vulnerability is present. I wonder if it is relying on an OPTIONS
request to determine if PUT is enabled? The problem with that is that
OPTIONS tells you what is supported, not what is permitted.
Mark
On 13/02/2019 18
TomCat users.
I currently am running Apache Tomcat 8.5.13.0 on Windows Server 2012 R2 servers
to support a NCR Aptra Vision application. A Tripwire vulnerability scan
showed the servers have the Apache Tomcat CVE-2017-12617 Vulnerability. To
mitigate I see I could upgrade to Apache Tomcat 8.5.
