Hello. We are using ColdFusion 2016 for our production server and the following vulnerability has been reported. Currently we are on the latest update, which is Update 17.
Current Update:
ColdFusion 2016 Update 17
Update Level: 17
Update Type: Security
Install Date: Tue, 07 Dec 2021 06:54:19 -0800
Below are the details for the vulnerability:
The detection logic checks for the following -
Software detected on this device
Apache Tomcat 8.5.32.0
Muhammad, I will share that if you are on CF2016 update 17, the Tomcat version should be 8.5.61.0. I have confirmed that on two machines where I've got that version and update installed. As such, I suspect there was an error during your CF update.
So I would recommend that you look at the hf-updates folder for the update 17, and look at the latest install log there (if you may have more than one). In that log, see the table (about 80 lines down) tracking the count of "successes" and "errors". If you have any fatal or nonfatal errors, it would confirm that your attempt to update had failed and you should try again. For more on all that, see a post I did in the past.
Let us know if any of the above helps, or what you may find if it seems not to.
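The log check described in the reply above, as an added example that is not part of the original thread or of Adobe's tooling. It assumes the summary table puts each count on its own line in the form `0 FatalErrors` (an assumed layout; adjust the labels if your log differs), and the sample log text is constructed.

```python
import re
import sys
from pathlib import Path

# Assumed summary layout: one "<count> <label>" line per outcome type.
COUNT_LINE = re.compile(
    r"^[ \t]*(\d+)[ \t]+(Successes|Warnings|NonFatalErrors|FatalErrors)[ \t]*$",
    re.MULTILINE,
)
ERROR_LABELS = ("NonFatalErrors", "FatalErrors")

def summary_counts(log_text):
    """Return {label: count} for the first occurrence of each summary line."""
    counts = {}
    for number, label in COUNT_LINE.findall(log_text):
        counts.setdefault(label, int(number))
    return counts

def update_failed(log_text):
    """True if any error count is non-zero, or if the table is missing/incomplete."""
    counts = summary_counts(log_text)
    if any(label not in counts for label in ERROR_LABELS):
        return True  # cannot confirm a clean install, so flag it for review
    return any(counts[label] > 0 for label in ERROR_LABELS)

def latest_log(folder):
    """Most recently modified *.log file in folder, or None if there is none."""
    logs = sorted(Path(folder).glob("*.log"), key=lambda p: p.stat().st_mtime)
    return logs[-1] if logs else None

# Constructed sample summaries, not taken from a real install log.
SAMPLE_CLEAN = "Summary\n-------\n\n120 Successes\n0 Warnings\n0 NonFatalErrors\n0 FatalErrors\n"
SAMPLE_FAILED = "Summary\n-------\n\n97 Successes\n0 Warnings\n3 NonFatalErrors\n1 FatalErrors\n"

if __name__ == "__main__":
    # Usage: python check_update_log.py <folder containing the update's install logs>
    log = latest_log(sys.argv[1]) if len(sys.argv) > 1 else None
    if log is None:
        sys.exit("no .log file found; pass the update's log folder as the argument")
    text = log.read_text(errors="replace")
    print(log, summary_counts(text))
    sys.exit(1 if update_failed(text) else 0)
```

A log with no recognisable summary table is reported as failed, so a truncated or aborted install log is not mistaken for a clean one.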
Could it be that Tomcat 8.5.32.0 is used by some other installation, other than ColdFusion 2016 Update 17? To find out, open the ColdFusion Administrator. Click on the System Information (i) button in the top right-hand corner.
You will then see the Tomcat version on which ColdFusion 2016 Update 17 is running. What is it?