Vulnerability Details : CVE-2017-12617
Public exploit exists!
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Products affected by CVE-2017-12617
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise Monitor, versions from (including) 3.4.0 up to (including) 3.4.4.4226: cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- Oracle » Mysql Enterprise Monitor, versions from (including) 4.0.0 up to (including) 4.0.0.5135: cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:13.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:13.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:13.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:16.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.1.3:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications Infrastructure, versions from (including) 7.3.3.0.0 up to (including) 7.3.5.3.0: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- Oracle » Financial Services Analytical Applications Infrastructure, versions from (including) 8.0.0.0.0 up to (including) 8.0.9.0.0: cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:1.1.124:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:16.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:management_pack:11.2.1.0.13:*:*:*:*:goldengate:*:*
- cpe:2.3:a:oracle:retail_insights:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_insights:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_insights:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_insights:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tuxedo_system_and_applications_monitor:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*
Threat overview for CVE-2017-12617
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2017-12617: 139,821
Threat actors abusing this issue? Yes
CVE-2017-12617 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Apache Tomcat Remote Code Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-12617
Added on: 2022-03-25
Action due date: 2022-04-15
Exploit prediction scoring system (EPSS) score for CVE-2017-12617
97.44%: Probability of exploitation activity in the next 30 days
~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-12617
- Tomcat RCE via JSP Upload Bypass
  Disclosure Date: 2017-10-03
  First seen: 2020-04-26
  exploit/multi/http/tomcat_jsp_upload_bypass
  This module uses a PUT request bypass to upload a jsp shell to a vulnerable Apache Tomcat configuration.
  Authors: peewpw
CVSS scores for CVE-2017-12617
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | 2024-07-16 |
CWE ids for CVE-2017-12617
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)