Taipei, Taiwan, November 10, 2017 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for Multiple Vulnerabilities in Apache Tomcat
Release date: 2017/11/10
Last updated: 2017/11/10
Security ID: NAS-201711-10
Severity rating: High
CVE identifier: CVE-2017-12615, CVE-2017-12616
Affected products:
- All QNAP devices running QTS with Apache Tomcat version 7.0.75 or earlier
Summary
A number of vulnerabilities have been discovered on Apache Tomcat. If exploited, these security flaws may expose NAS devices using Tomcat 7.0.75 or earlier to possible remote code execution attacks or allow attackers to access sensitive information.
Apache has already fixed these vulnerabilities in Tomcat 7.0.81.
Solution
To resolve the issue, you must update your Apache Tomcat to version 7.0.81.
Upgrading to Apache Tomcat to Version 7.0.81
- Log on to QTS as administrator.
- Open the App Center, and then click the Search icon.
A search box appears.
- Type “Tomcat”, and then press ENTER.
The Apache Tomcat application appears in the search results list.
- Click Update.
A confirmation message appears.
- Click OK.
The application is updated.
If you have any questions regarding this issue, please contact us at
http://helpdesk.qnap.com/.