7 Replies Latest reply on May 3, 2017 5:26 AM by cranstonit

    FileMaker Server 14 - Apache and/or Tomcat not patched for HTTPoxy?

    nciske

      Have a client failing a PCI scan on their static IP (which FM server runs behind) because port 8081 (Tomcat) is open and the version of Tomcat that ships with FMS does not appear to be patched for HTTPoxy (or so it appears).

      https://httpoxy.org/

      https://www.apache.org/security/asf-httpoxy-response.txt

      The fix for Tomcat looks like no fun to apply and I suspect would be overwritten by an update.

      Which brings up a few questions:

      1. Is there a patch planned for FMS 14?
      2. Is FMS 15 patched against this issue?
      3. If we upgrade to FMS 15 to patch this... will it fail the TLS check again?
        Re: FileMaker Server TLS version?

      Hoping RosemaryTietge can shed some light here...?