BSA-2017-447

Brocade Fabric OS

21623

24 December 2018

17 November 2017

Closed

Low

5.0

N/A

CVE-2017-12617

Summary

Security Advisory ID : BSA-2017-447

Component : Apache

Revision : 2.0: Final

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
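The two conditions in the summary (an affected Tomcat version, and a Default servlet whose readonly parameter is false) can be checked from a host's version string and web.xml. The following is an added example, not code from this advisory, Brocade or Apache; the function names and the sample web.xml are constructed for illustration, and pre-release tags such as 9.0.0.M1 are reduced to their numeric part (9.0.0).

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed in the advisory, as (major, minor, patch) bounds.
AFFECTED = [((9, 0, 0), (9, 0, 0)), ((8, 5, 0), (8, 5, 22)),
            ((8, 0, 0), (8, 0, 46)), ((7, 0, 0), (7, 0, 81))]
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def version_affected(version):
    """True if the Tomcat version string falls inside an advisory range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(part) for part in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def writable_default_servlets(web_xml):
    """Names of Default servlet declarations with readonly set to false.

    readonly defaults to true, so a declaration without the parameter is
    not reported. "{*}" matches the element in any (or no) XML namespace.
    """
    hits = []
    for servlet in ET.fromstring(web_xml).findall(".//{*}servlet"):
        if (servlet.findtext("{*}servlet-class") or "").strip() != DEFAULT_SERVLET:
            continue
        for param in servlet.findall("{*}init-param"):
            name = (param.findtext("{*}param-name") or "").strip()
            value = (param.findtext("{*}param-value") or "").strip().lower()
            if name == "readonly" and value == "false":
                hits.append((servlet.findtext("{*}servlet-name") or "").strip())
    return hits

def exposed(version, web_xml):
    """Both advisory conditions hold: affected version and HTTP PUT enabled."""
    return version_affected(version) and bool(writable_default_servlets(web_xml))

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name><param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>"""
```

Run it against both the container-wide conf/web.xml and each application's WEB-INF/web.xml, since either can declare the servlet.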

Affected Products

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History

Version   Change                           Date
1.0       Initial Publication              November 17, 2017
2.0       Updated for Fibre Channel Only   December 24, 2018