Michael,
> Am 13.02.2019 um 22:03 schrieb Adams, Michael :
>
> Christopher,
> Thanks for your input. It was very helpful. This afternoon, my
> InfoSecurity technician who runs the Tripwire app believes Apache Tomcat vs
> 8.5.13 is being flagged for the CVE-2017-12617 vulnerability solely
Christopher,
Thanks for your input. It was very helpful. This afternoon, my InfoSecurity
technician who runs the Tripwire app believes Apache Tomcat vs 8.5.13 is being
flagged for the CVE-2017-12617 vulnerability solely off of the version.
Tripwire isn't trying to see if HTTP PUT is
Mark,
Thanks for your input. It was very helpful. My InfoSecurity technician who
runs the Tripwire app believes Apache Tomcat vs 8.5.13 is being flagged for the
CVE-2017-12617 vulnerability solely off of the version. Tripwire isn't trying
to see if HTTP PUT is enabled. He is opening a
Mike,
You have nothing to worry about. As long as readonly was never
explicitly set to false, you have not been vulnerable to CVE-2017-12617
at any point.
readonly is true by default. CVE-2017-12617 only applies if readonly is
false which requires explicit configuration.
I'm curious what tests
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Michael,
On 2/13/19 13:35, Adams, Michael wrote:
> I currently am running Apache Tomcat 8.5.13.0 on Windows Server
> 2012 R2 servers to support a NCR Aptra Vision application. A
> Tripwire vulnerability scan showed the servers have the Apache
>
TomCat users.
I currently am running Apache Tomcat 8.5.13.0 on Windows Server 2012 R2 servers
to support a NCR Aptra Vision application. A Tripwire vulnerability scan
showed the servers have the Apache Tomcat CVE-2017-12617 Vulnerability. To
mitigate I see I could upgrade to Apache Tomcat
On 12/02/2019 22:26, Christopher Schultz wrote:
> Mark,
>
> On 2/12/19 13:27, Mark Thomas wrote:
>> Try again. Prompted for certificate. Select valid cert. Connection
>> refused. Ah. the trust store again. Switch back to the OpenSSL
>> config.
>
> This is a real point of confusion for users...