cat.apache.org
> Subject: [External] Re: Question regarding mitigating the CVE-2017-12617
> vulnerability
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Michael,
>
>> On 2/13/19 13:35, Adams, Michael wrote:
>> I currently am running Apache Tomcat 8.5.13.0
bject: [External] Re: Question regarding mitigating the CVE-2017-12617
vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 2/13/19 13:35, Adams, Michael wrote:
> I currently am running Apache Tomcat 8.5.13.0 on Windows Server
> 2012 R2 servers to support a NCR A
ing a false positive ticket with the
Tripwire vendor to get more information on their check.
Mike
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, February 13, 2019 1:20 PM
To: users@tomcat.apache.org
Subject: [External] Re: Question regarding mitigating th
Mike,
You have nothing to worry about. As long as readonly was never
explicitly set to false, you have not been vulnerable to CVE-2017-12617
at any point.
readonly is true by default. CVE-2017-12617 only applies if readonly is
false which requires explicit configuration.
I'm curious what tests T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 2/13/19 13:35, Adams, Michael wrote:
> I currently am running Apache Tomcat 8.5.13.0 on Windows Server
> 2012 R2 servers to support a NCR Aptra Vision application. A
> Tripwire vulnerability scan showed the servers have the Apache
> Tom
TomCat users.
I currently am running Apache Tomcat 8.5.13.0 on Windows Server 2012 R2 servers
to support a NCR Aptra Vision application. A Tripwire vulnerability scan
showed the servers have the Apache Tomcat CVE-2017-12617 Vulnerability. To
mitigate I see I could upgrade to Apache Tomcat 8.5.