Tomcat Version (Vulnerabilities)

Posted by Roger Blanchard on 04-Oct-2017 07:42

Does anyone know if we can use new versions of tomcat with OE 11.4?

According to this article dated 12/17/2015 PSC has not tested anything newer than Tomcat 7.

https://knowledgebase.progress.com/articles/Article/000040810

Since there are know vulnerabilities in that version does PSC plan to certify newer versions? If not are there any known issues with us trying to use Tomcat version 9?

Thanks in advance.

National Cyber Awareness System:

 
Apache Releases Security Updates for Apache Tomcat
10/03/2017 05:26 PM EDT

Original release date: October 03, 2017

The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.

US-CERT encourages users and administrators to review the Apache security advisory for CVE-2017-12617 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


 

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@us-cert.gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT@ncas.us-cert.gov to your address book.

 

OTHER RESOURCES:

Contact Us | Security Publications | Alerts and Tips | Related Resources

 

STAY CONNECTED:

SUBSCRIBER SERVICES:
Manage Preferences  |  Unsubscribe  |  Help

All Replies

This thread is closed