Summary: Tableau Software has confirmed that currently supported versions of Tableau Server are not impacted by CVE-2017-12615, CVE-2017-12616 or CVE-2017-12617. 


Tableau Server uses a vulnerable version of Apache Tomcat, but the implementation does not set the readonly initialization parameter, as specified in CVE-2017-12615 and CVE-2017-12617.   Additionally, Tableau Server does not implement VirtualDirContexts as specified in CVE-2017-12616. 


Apache Tomcat will be updated to a later version in a future maintenance release.