Oval Definition:oval:com.ubuntu.xenial:def:2017126150000000
Revision Date:2017-09-19Version:1
Title:CVE-2017-12615 on Ubuntu 16.04 LTS (xenial) - medium.
Description:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-12615
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • NOT libservlet3.0-java package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • OR NOT libtomcat7-java package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • OR NOT tomcat7 package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • OR NOT tomcat7-admin package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • OR NOT tomcat7-common package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • OR NOT tomcat7-examples package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • OR NOT tomcat7-user package in xenial, while related to the CVE in some way, is not affected (note: 'windows only').
  • BACK