Details
Description
【Security Vulnerability Alert】 Tomcat information leakage and remote code execution vulnerabilities.
CVE ID:
CVE-2017-12617
Description
When running with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Scope
Affects: 7.0.0 to 7.0.81
Solution
The official Apache Tomcat 7.0.82 release fixes the vulnerability. Upgrading to version 7.0.82 is recommended.
Reference
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82