MGASA-2017-0400

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0400.html

Import Source

https://advisories.mageia.org/MGASA-2017-0400.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0400

Related

CVE-2017-12617

Published

2017-11-02T21:47:07Z

Modified

2017-11-02T21:10:18Z

Summary

Updated tomcat packages fix security vulnerability

Details

When running with HTTP PUTs enabled (e.g. via setting the readonly initialization parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server (CVE-2017-12617).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / tomcat

Package

Name: tomcat
Purl: pkg:rpm/mageia/tomcat?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.82-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / tomcat

Package

Name: tomcat
Purl: pkg:rpm/mageia/tomcat?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.47-1.mga6

Ecosystem specific

{
    "section": "core"
}