tomcat security vulnerability CVE-2017-12615

A customer found the Tomcat security vulnerability CVE-2017-12615 on the third node of a CDH 5.15 cluster.

How to fix this CVE-2017-12615 issue?

Re: tomcat security vulnerability CVE-2017-12615

This flaw affects Tomcat on Oracle Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected. Ensure that readonly is set to true (by default, it is true even if not mentioned in web.xml) for the DefaultServlet, WebDAV servlet or application context.

Example: depending upon what version you are on, there are many web.xml files for each service.

    [root@labUSbda07 ~]# vi /opt/cloudera/parcels/CDH-5.10.0-1.cdh5.10.0.p0.41/etc/oozie/tomcat-conf.http/conf/web.xml
    [root@labUSbda07 ~]# vi /opt/cloudera/parcels/CDH-5.13.1-1.cdh5.13.1.p0.2/etc/oozie/tomcat-conf.http/conf/web.xml

    more /opt/cloudera/parcels/CDH-5.13.1-1.cdh5.13.1.p0.2/etc/oozie/tomcat-conf.http/conf/web.xml

Servlet content on my lab server:

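    <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>listings</param-name>
            <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

Readonly parameter’s default value is picked here.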
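
The check described in the reply can be run across every web.xml under a parcel directory instead of opening each file by hand. The following is an added example, not part of the original reply or of Cloudera's tooling: it reports DefaultServlet and WebDAV servlet entries whose readonly init-param is set to anything other than true. The function names and the sample XML are constructed for illustration, and it assumes the value is read as a Java boolean.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Servlet classes the reply calls out: the DefaultServlet and the WebDAV servlet.
WATCHED = {"org.apache.catalina.servlets.DefaultServlet",
           "org.apache.catalina.servlets.WebdavServlet"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]          # '{ns}servlet' -> 'servlet'

def _text(elem, name):
    """Stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()

def writable_servlets(xml_data):
    """Return [(servlet-name, servlet-class)] where readonly is not 'true'."""
    found = []
    for servlet in ET.fromstring(xml_data).iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") not in WATCHED:
            continue
        for param in servlet:
            if _local(param.tag) == "init-param" and _text(param, "param-name") == "readonly":
                # Assumption: value is read as a Java boolean, so only "true" keeps it read-only.
                if (_text(param, "param-value") or "").lower() != "true":
                    found.append((_text(servlet, "servlet-name"), _text(servlet, "servlet-class")))
    return found

# Constructed sample: one servlet relying on the default, one with readonly=false.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>uploads</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

if __name__ == "__main__":            # usage: check_readonly.py <dir> [<dir> ...]
    for path in (p for d in sys.argv[1:] for p in Path(d).rglob("web.xml")):
        try:
            for name, cls in writable_servlets(path.read_bytes()):
                print(f"{path}: servlet '{name}' ({cls}) is writable")
        except ET.ParseError as exc:
            print(f"{path}: could not parse ({exc})", file=sys.stderr)
```

Pass the directory that holds the parcels as the argument. No output means no watched servlet in any web.xml under it overrides the read-only default.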