cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

ColdFusion 2016 Tomcat 8.5.32.0 Vulnerability

Muhammad Muds23567020f3aq
New Here ,
Mar 13, 2022 Mar 13, 2022

Copy link to clipboard

Copied

Hello We are using ColdFusion 2016 for our production server and the following vulnerablity has been reported. Currently we are on the latest update which is Update 17.

Current Update: 

ColdFusion 2016 Update 17
Update Level: 17
Update Type: Security
Install Date: Tue, 07 Dec 2021 06:54:19 -0800

 

Below are the details  for vulnerablity:

The detection logic checks for the following -

  • Software versions
  • Apache Tomcat versions 8.5.0 (including) up to 8.5.47 (including)

Software detected on this device

Apache Tomcat 8.5.32.0

Views

83

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 2 Replies 2
latest latest Jump to latest reply
Charlie Arehart Community Expert
Community Expert ,
Mar 13, 2022 Mar 13, 2022

Copy link to clipboard

Copied

Muhammad, I will share that if you are on CF2016 update 17, the Tomcat version should be 8.5.61.0.  I have confirmed that on two machines where I've got that version and update installed. As such, I suspect there was an error during your CF update.

 

So I would recommend that you look at the hf-updates folder for the update 17, and look at the latest install log there (if you may have more than one). In that log, see the table (about 80 lines down) tracking the count of "successes" and "errors". If you have any fatal or nonfatal errors, it would confirm that your attempt to update had failed and you should try again. For more on all that, see a post I did in the past.

 

Let us know if any of the above helps, or what you may find if it seems not to.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
BKBK Community Expert
Community Expert ,
Mar 14, 2022 Mar 14, 2022

Copy link to clipboard

Copied

LATEST

Could it be that Tomcat 8.5.32.0 is used by some other installation, other than ColdFusion 2016 Update 17? To find out, open the ColdFusion Administrator. Click on the System Information (i) button in the top right-hand corner.

 

You will then see the Tomcat version on which ColdFusion 2016 Update 17 is running. What is it?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices