Tuesday, February 25, 2025

[USN-7282-1] tomcat7 vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAme9aDIFAwAAAAAACgkQlFzKVeTWQe6y
6w/9FEGf4b1ptyfyvBdhG4tXiErmXxQH4HiBL3VTGiP33B2G7gi09ddqZmGi1sryicxsFYzhWY0f
XHjJMxD4lYTf58mWm51VhXHdDAh8qdlqkpdaeByWURQsuBUQqVSkebkaw4toDKRLwHYWFuCMJk9k
W9s66je0DaIjjeZq9Lfh+zDNb+E1DR1GMiCVPgzLg0Zpb12Q6NIkVDhxDTXvp5nbrayFEpn6VrFg
X0rzx96SPMF8nEMxdOV014Yg3QRoPlIBj6vke6kTeJ1C7htzrKSOgypy26zUDeLHUWLO3HDtnqOk
TdD7qr4m6PmiNigNFKQNKjAeLt3w01JdujZqF5lS+13Y3ieEFv3NJgMD0x5mhC9qxc7Jmy/QQiad
+9M0tq65wd4g5n3hEmnOL0QfpDblU9HxQVo1Nhi+Fpdv4rp2/ogQvCm3GJnrqzaeJ48IqxP48bR5
3j3J8X6uzQ8fpwY0Bc0t7tyx9qWV6xTbCcWTQFSB/LlA2wLuLxdGyXtMDHAqsnLd4zMeq3+iHRAC
fiV60e+kr1KandjXjbKHUqPm41o1rzs7rOItxt3GOW+tYBhajaD/OZPVV4BUPPjHwv0mXGrFqSHE
ZLJ0nMeEmLu89OIkVHbDNaHo+7TD4ktKnYKPq1OBzgTh5F2tKwu/e2GKj+XxrWSucJIbaEI1H8xJ
DcI=
=kKPe
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7282-1
February 21, 2025

tomcat7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

tomcat7 could be made to execute arbitrary code.

Software Description:
- tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
libtomcat7-java 7.0.68-1ubuntu0.4+esm3
Available with Ubuntu Pro
tomcat7 7.0.68-1ubuntu0.4+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7282-1
CVE-2017-12616, CVE-2017-12617

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)