CVE-2017-12617 -- tomcat7, libservlet3.0-javaID: oval:org.secpod.oval:def:1900224 | Date: (C)2019-03-29 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22,8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Platform: |
Ubuntu 16.04 |
Ubuntu 18.10 |
Ubuntu 18.04 |
Product: |
tomcat7 |
libservlet3.0-java |