Search

Security ID : NAS-201711-10

Security Advisory for Multiple Vulnerabilities in Apache Tomcat

  • Release date : November 10, 2017

  • CVE identifier : CVE-2017-12615, CVE-2017-12616

  • Affected products: All QNAP devices running QTS with Apache Tomcat version 7.0.75 or earlier

Severity

Important

Status

Resolved

Summary

A number of vulnerabilities have been discovered on Apache Tomcat. If exploited, these security flaws may expose NAS devices using Tomcat 7.0.75 or earlier to possible remote code execution attacks or allow attackers to access sensitive information.

Apache has already fixed these vulnerabilities in Tomcat 7.0.81.

Recommendations

To resolve the issue, you must update your Apache Tomcat to version 7.0.81.

Upgrading to Apache Tomcat to Version 7.0.81

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Tomcat”, and then press ENTER.
    The Apache Tomcat application appears in the search results list.
  4. Click Update.
    A confirmation message appears.
  5. Click OK.
    The application is updated.

Revision History: 2017-11-10

Choose specification

      Show more Less

      Choose Your Country or Region

      open menu
      back to top