Security: Two problems in tomcat7
Name: Two problems in tomcat7
ID: USN-7282-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Tue, March 4, 2025, 07:44
References: https://www.cve.org/CVERecord?id=CVE-2017-12616
https://www.cve.org/CVERecord?id=CVE-2017-12617
Applications: Apache Tomcat

Original message

From: Nico Campuzano <nicolas.campuzano@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <d4f9564e-dcba-4fbb-b99a-3eadf929d489@canonical.com>
Subject: [USN-7282-1] tomcat7 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7282-1
February 21, 2025

tomcat7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

tomcat7 could be made to execute arbitrary code.

Software Description:
- tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  libtomcat7-java   7.0.68-1ubuntu0.4+esm3
                    Available with Ubuntu Pro
  tomcat7           7.0.68-1ubuntu0.4+esm3
                    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7282-1
CVE-2017-12616, CVE-2017-12617
