BSA-2017-447
21623
24 December 2018
17 November 2017
Closed
Low
5.0
N/A
CVE-2017-12617
Summary
Security Advisory ID : BSA-2017-447
Component : Apache
Revision : 2.0: Final
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46, and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. by setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested, and any code it contained would be executed by the server.
Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Workaround
There are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | November 17, 2017 |
2.0 | Updated for Fibre Channel Only | December 24, 2018 |