Severity: Medium

 

Summary: The latest release of Tableau Server includes an updated version of Apache HTTPD (2.4.26), which fixes five vulnerabilities. Among them is a MIME overread vulnerability (CVE-2017-7679) that could lead to disclosure of sensitive information.

 

Impact: Exploitation of the MIME overread vulnerability could result in sensitive information disclosure.

 

Vulnerable Versions: Tableau Server 9.0.0 (through 9.0.23), 9.1.0 (through 9.1.20), 9.2.0 (through 9.2.19), 9.3.0 (through 9.3.17), 10.0.0 (through 10.0.12), 10.1.0 (through 10.1.10), 10.2.0 (through 10.2.4), 10.3.0 (through 10.3.2)

 

Resolution: The issue can be fixed by upgrading to the following versions:

 

Tableau Server 9.0.24

Tableau Server 9.1.21

Tableau Server 9.2.20

Tableau Server 9.3.18

Tableau Server 10.0.13

Tableau Server 10.1.11

Tableau Server 10.2.5

Tableau Server 10.3.3

 

More information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679

 

Updates:

10/18/2017 - Updated resolution to include fixes in 9.0 through 9.3.