Two remote code execution (RCE) security vulnerabilities affecting all versions of Apache Tomcat were found last week.

CVE-2017-12615 (RCE when readonly set to false, affects Tomcat < 7.0.81 on Windows)

CVE-2017-12617 (RCE when readonly set to false, affects all Tomcat versions on all Operating systems)

Is ivy affected by the newly found Apache Tomcat RCE vulnerabilities (CVE-2017-12615 and CVE-2017-12617)?

asked 25.09.2017 at 03:53

SupportIvyTeam ♦♦

edited 25.09.2017 at 03:54


To our knowledge, gathered by analyzing our source code and by performing security tests, ivy is NOT affected.

Additionally, currently available information shows that the vulnerabilities do not affect normal Tomcat installations, but Tomcats that have the readonly param set to false on the default servlet and Tomcats using the WebDAV servlet. Ivy does not have the readonly param set to false and does not use the WebDAV servlet.

Also, see information here and here.

answered 25.09.2017 at 04:13

SupportIvyTeam ♦♦