A vulnerability was discovered effecting several version of Apache Tomcat CVE-2017-5650. Upon review, iDashboards has never used the versions in question in our delivered installer packs. The iDashboards production installation and evaluation packages use Apache Tomcat 8.0.33 and prior depending on the age of your install.
To tell if your install was completed with the iDashboards installers under windows services you will see 'iDashboards Evaluation Server' or 'iDashboards Server' if you do not see these on your iDashboards server you might have a Base Tomcat installation. To find out what version you are running of Tomcat you can find the version two different way.
First:
In the Tomcat bin directory (..\Apache Software Foundation\Tomcat #.#\bin\version.bat) click on the vesrion.bat if your home java directory is setup that should give you the version number. If not..
Second:
Look in your Tomcat Logs directory (..\Apache Software Foundation\Tomcat #.#\logs) you should see a log with stderr (tomcat#-stderr.2017-##-##.log) in the name. If you open that log you should be able to find the server version line that looks something like 'Server version: Apache Tomcat/8.0.33".
Versions Affected:
- Apache Tomcat 9.0.0.M1 to 9.0.0.M18
- Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected
Mitigation:
Users of the affected versions should apply one of the following
- Upgrade to Apache Tomcat 8.5.13 or later
Note: iDashboards does not currently support Apache Tomcat 9 at this time.
If you have any question or would like assistance with your Tomcat installation please contact iDashboards Support.
Comments
0 comments
Please sign in to leave a comment.