CVE-2017-12617 - High Severity Vulnerability
Vulnerable Library - tomcat-embed-core-8.5.11.jar
Core Tomcat implementation
path: /root/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/8.5.11/72761f51fc7cef3ee19d4aafc7adc605df9f611f/tomcat-embed-core-8.5.11.jar
Library home page: http://tomcat.apache.org/
Dependency Hierarchy:
Vulnerability Details
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Publish Date: 2017-10-04
URL: CVE-2017-12617
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1039552
Fix Resolution: The vendor has issued a fix (7.0.82, 8.0.47, 9.0.1).
The vendor advisories are available at:
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.47
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.1