Revision Date: | 2017-09-19 | Version: | 1 | Title: | CVE-2017-12615 on Ubuntu 16.04 LTS (xenial) - medium. | Description: | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
| Family: | unix | Class: | vulnerability | Status: | | Reference(s): | CVE-2017-12615
| Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | Definition Synopsis | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT libservlet3.0-java package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
OR NOT libtomcat7-java package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
OR NOT tomcat7 package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
OR NOT tomcat7-admin package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
OR NOT tomcat7-common package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
OR NOT tomcat7-examples package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
OR NOT tomcat7-user package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
|
|