CVE-2017-12617 -- tomcat7, libservlet3.0-java| ID: oval:org.secpod.oval:def:1900224 | Date: (C)2019-03-29 (M)2023-12-20 |
| Class: VULNERABILITY | Family: unix |
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22,8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
| Platform: |
| Ubuntu 16.04 |
| Ubuntu 18.10 |
| Ubuntu 18.04 |
| Product: |
| tomcat7 |
| libservlet3.0-java |
