The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.
US-CERT encourages users and administrators to review the Apache security advisory for CVE-2017-12617 and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.