Participant
March 13, 2022
Question

ColdFusion 2016 Tomcat 8.5.32.0 Vulnerability

Hello, we are using ColdFusion 2016 for our production server and the following vulnerability has been reported. Currently we are on the latest update, which is Update 17.

Current Update: 

ColdFusion 2016 Update 17
Update Level: 17
Update Type: Security
Install Date: Tue, 07 Dec 2021 06:54:19 -0800

 

Below are the details for the vulnerability:

The detection logic checks for the following -

  • Software versions
  • Apache Tomcat versions 8.5.0 (including) up to 8.5.47 (including)

Software detected on this device

Apache Tomcat 8.5.32.0

    2 replies

    BKBK
    Community Expert
    March 14, 2022

    Could it be that Tomcat 8.5.32.0 is used by some other installation, other than ColdFusion 2016 Update 17? To find out, open the ColdFusion Administrator. Click on the System Information (i) button in the top right-hand corner.

     

    You will then see the Tomcat version on which ColdFusion 2016 Update 17 is running. What is it?

    Charlie Arehart
    Community Expert
    March 13, 2022

    Muhammad, I will share that if you are on CF2016 update 17, the Tomcat version should be 8.5.61.0.  I have confirmed that on two machines where I've got that version and update installed. As such, I suspect there was an error during your CF update.

     

    So I would recommend that you look at the hf-updates folder for the update 17, and look at the latest install log there (if you may have more than one). In that log, see the table (about 80 lines down) tracking the count of "successes" and "errors". If you have any fatal or nonfatal errors, it would confirm that your attempt to update had failed and you should try again. For more on all that, see a post I did in the past.

     

    Let us know if any of the above helps, or what you may find if it seems not to.

    /Charlie (troubleshooter, carehart. org)
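
The version-range check quoted in the question, as an added example that is not part of the original thread or of any scanner's own code: it normalizes a reported Tomcat version string and tests it against the 8.5.0 to 8.5.47 range from the finding. The function names are hypothetical, the sample strings are constructed, and the accepted string formats are assumptions.

```python
import re

# Range quoted in the scanner finding: 8.5.0 through 8.5.47, both inclusive.
FLAGGED_LOW, FLAGGED_HIGH = (8, 5, 0), (8, 5, 47)
# Tomcat version the second reply reports for ColdFusion 2016 Update 17.
EXPECTED_UPDATE_17 = (8, 5, 61, 0)

# Three dotted numbers with an optional fourth (build) component.
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_tomcat_version(text):
    """Return a 4-tuple of ints from strings such as 'Apache Tomcat 8.5.32.0',
    'Apache Tomcat/8.5.61' or 'Server number:  8.5.61.0'; None if no version."""
    m = _VERSION.search(text)
    if not m:
        return None
    # Pad a missing fourth component so 8.5.61 and 8.5.61.0 compare equal.
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(reported):
    """Classify one reported version string against the finding's range."""
    v = parse_tomcat_version(reported)
    if v is None:
        return "unparseable"
    # The finding states a three-part range, so compare on major.minor.patch
    # only; the fourth component must not push 8.5.47.x past the upper bound.
    if FLAGGED_LOW <= v[:3] <= FLAGGED_HIGH:
        return "in flagged range"
    if v == EXPECTED_UPDATE_17:
        return "matches expected Update 17 Tomcat"
    return "outside flagged range"


if __name__ == "__main__":
    # Constructed sample inputs: the scanner's detected value, and the kind of
    # strings an administrator might copy from a server's version display.
    for line in ("Apache Tomcat 8.5.32.0", "Server number:  8.5.61.0",
                 "Apache Tomcat/8.5.47", "Apache Tomcat"):
        print(f"{line!r:32} -> {triage(line)}")
```

A result of "in flagged range" for the version shown in the ColdFusion Administrator's System Information page would mean the finding applies to the ColdFusion instance itself rather than to some other Tomcat installation on the host.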