Skip to main content

05/11/2017 Apache Tomcat Denial of Service

Aaron Olson
  • Updated

A vulnerability was discovered effecting several version of Apache Tomcat CVE-2017-5650. Upon review, iDashboards has never used the versions in question in our delivered installer packs. The iDashboards production installation and evaluation packages use Apache Tomcat 8.0.33 and prior depending on the age of your install. 

To know your install was completed with the iDashboards installers under windows services you will see iDashboards Evaluation Server or iDashboards Server if you do not see these on your iDashboards server you might have a Base Tomcat installation. There are two different ways to determine the version of your Tomcat Installation.

First: 

In the Tomcat bin directory (..\Apache Software Foundation\Tomcat #.#\bin\version.bat) click on the vesrion.bat if your home java directory is setup that should give you the version number. If not.. 

Second: 

Look in your Tomcat Logs directory (..\Apache Software Foundation\Tomcat #.#\logs) you should see a log with stderr (tomcat#-stderr.2017-##-##.log) in the name. If you open that log you should be able to find the server version line that looks like the following: Server version: Apache Tomcat/8.0.33

Versions Affected:

  • Apache Tomcat 9.0.0.M1 to 9.0.0.M18
  • Apache Tomcat 8.5.0 to 8.5.12

Apache Tomcat 8.0.x and earlier are not affected

Mitigation:

Users of the affected versions should apply one of the following

  • Upgrade to Apache Tomcat 8.5.13 or later

For More Information: Apache Tomcat: Denial of Service (CVE-2017-5650)

Note: iDashboards currently supports Apache Tomcat 8.5, 9.0, and 10.0.

Disclaimer: iDashboards Technical Support Engineers are not Server Administrators or Security Experts who know in depth knowledge of servers and/or security issues and their quirks. We often learn these skills on the job and have limited knowledge. We do our best to help you with your software in determining if: you are not leveraging the software in the best way for your data or you found a bug in the software, because we want to assist you in your success.

If the you have any questions or the above is unable to resolve the issue, then please contact iDashboards Support for further assistance.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.