Apache Tomcat Arbitrary File Upload Vulnerability

econyeiwu
Level 1

I have a client going through a PCI compliance checklist who brought this vulnerability on a UCCX server to my attention. I understand Cisco is a package install and no custom modification is allowed. I have little knowledge on this subject, but my question is: is this something that can be upgraded separately, or does it require a UCCX upgrade to a newer version to potentially get an Apache Tomcat upgrade to fix this issue? Any help is appreciated. Thanks!

Clement

4 Replies

Jitender Bhandari
Cisco Employee

You cannot separately upgrade a specific component, in your case Tomcat, on any UC device on Linux.

HTH

JB

Deepak Rawat
Cisco Employee

As Jitender correctly informed, there is no possibility just to upgrade the Apache Tomcat since it is installed as a part of the package and not separately. Hence, you will need to upgrade your UCCX that has the fix for this vulnerability that in turn will upgrade the required Apache Tomcat or any other necessary files automatically.

Regards

Deepak

Thank you guys so much. I appreciate the input. I just wanted to confirm that. 

Glad that we were able to help. Please remember to mark the thread as Answered if there are no further questions on the topic.

Regards

Deepak