Search

Security ID : NAS-201711-10

Security Advisory for Multiple Vulnerabilities in Apache Tomcat

  • Release date : November 10, 2017

  • CVE identifier : CVE-2017-12615, CVE-2017-12616

  • Affected products: All QNAP devices running QTS with Apache Tomcat version 7.0.75 or earlier

Severity

Important

Status

Resolved

Summary

A number of vulnerabilities have been discovered on Apache Tomcat. If exploited, these security flaws may expose NAS devices using Tomcat 7.0.75 or earlier to possible remote code execution attacks or allow attackers to access sensitive information.

Apache has already fixed these vulnerabilities in Tomcat 7.0.81.

Recommendations

To resolve the issue, you must update your Apache Tomcat to version 7.0.81.

Upgrading to Apache Tomcat to Version 7.0.81

  1. Log on to QTS as administrator.
  2. Open the App Center, and then click the Search icon.
    A search box appears.
  3. Type “Tomcat”, and then press ENTER.
    The Apache Tomcat application appears in the search results list.
  4. Click Update.
    A confirmation message appears.
  5. Click OK.
    The application is updated.

Revision History: 2017-11-10

選擇規格

      顯示更多 隱藏更多

      選擇其他偏好的語言:

      open menu
      back to top