Showing 1 - 3 of 3

CVE-2017-12616

Status Candidate

Overview

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

Related Files

Ubuntu Security Notice USN-3665-1: Posted May 31, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.; tags | advisory, remote, web, arbitrary, cgi; systems | linux, ubuntu; advisories | CVE-2017-12616, CVE-2017-12617, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305, CVE-2018-8014; SHA-256 | adc3401f4c6099499fc7f32dd5cfa60804e4fe107e205fa1ebecec9060700bf5; Download | Favorite | View

Red Hat Security Advisory 2018-0465-01: Posted Mar 7, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-0465-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.; tags | advisory, java, web; systems | linux, redhat; advisories | CVE-2017-12613, CVE-2017-12615, CVE-2017-12616, CVE-2017-12617, CVE-2017-15698, CVE-2018-1304, CVE-2018-1305; SHA-256 | fc2ac908d0bafcba8906caa1a1fcfa1bcf09381311da134d34b27b4e2a339c72; Download | Favorite | View

Red Hat Security Advisory 2018-0466-01: Posted Mar 7, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-0466-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Multiple security issues have been addressed.; tags | advisory, java, web; systems | linux, redhat; advisories | CVE-2017-12613, CVE-2017-12615, CVE-2017-12616, CVE-2017-12617, CVE-2017-15698, CVE-2018-1304, CVE-2018-1305; SHA-256 | 68179df4be23fc5ae853a6269f702f02d3b88b7dda20c7e7f949e30659effdff; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 380 files
Ubuntu 86 files
Debian 26 files
Gentoo 18 files
tmrswrr 10 files
Ph0s 5 files
R0ckE7 5 files
Rahad Chowdhury 4 files
Google Security Research 4 files
Chizuru Toyama 3 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,910)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,831)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,615)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,131)
UNIX (9,339)
UnixWare (187)
Windows (6,606)
Other

CVE-2017-12616

Overview

Related Files

File Archive:

November 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems