CVE-2017-12617
04.10.2017, 01:29
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 7.0.0 ≤ 𝑥 < 7.0.82 |
| apache | tomcat | 8.0 ≤ 𝑥 < 8.0.47 |
| apache | tomcat | 8.5.0 ≤ 𝑥 < 8.5.23 |
| apache | tomcat | 9.0.0 ≤ 𝑥 < 9.0.1 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 18.04 |
| oracle | agile_plm | 9.3.3 |
| oracle | agile_plm | 9.3.4 |
| oracle | agile_plm | 9.3.5 |
| oracle | agile_plm | 9.3.6 |
| oracle | communications_instant_messaging_server | 10.0.1 |
| oracle | endeca_information_discovery_integrator | 3.1.0 |
| oracle | endeca_information_discovery_integrator | 3.2.0 |
| oracle | enterprise_manager_for_mysql_database | 12.1.0.4.0 |
| oracle | financial_services_analytical_applications_infrastructure | 7.3.3.0.0 ≤ 𝑥 ≤ 7.3.5.3.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.0.0.0 ≤ 𝑥 ≤ 8.0.9.0.0 |
| oracle | fmw_platform | 12.2.1.2.0 |
| oracle | fmw_platform | 12.2.1.3.0 |
| oracle | health_sciences_empirica_inspections | 1.0.1.1 |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | instantis_enterprisetrack | 17.1 |
| oracle | instantis_enterprisetrack | 17.2 |
| oracle | management_pack | 11.2.1.0.13 |
| oracle | micros_lucas | 2.9.5 |
| oracle | micros_retail_xbri_loss_prevention | 10.0.1 |
| oracle | micros_retail_xbri_loss_prevention | 10.5.0 |
| oracle | micros_retail_xbri_loss_prevention | 10.6.0 |
| oracle | micros_retail_xbri_loss_prevention | 10.7.0 |
| oracle | micros_retail_xbri_loss_prevention | 10.8.0 |
| oracle | micros_retail_xbri_loss_prevention | 10.8.1 |
| oracle | mysql_enterprise_monitor | 𝑥 ≤ 3.3.6.3293 |
| oracle | mysql_enterprise_monitor | 3.4.0 ≤ 𝑥 ≤ 3.4.4.4226 |
| oracle | mysql_enterprise_monitor | 4.0.0 ≤ 𝑥 ≤ 4.0.0.5135 |
| oracle | retail_advanced_inventory_planning | 13.2 |
| oracle | retail_advanced_inventory_planning | 13.4 |
| oracle | retail_advanced_inventory_planning | 14.1 |
| oracle | retail_advanced_inventory_planning | 15.0 |
| oracle | retail_back_office | 14.0.4 |
| oracle | retail_back_office | 14.1.3 |
| oracle | retail_central_office | 14.0.4 |
| oracle | retail_central_office | 14.1.3 |
| oracle | retail_convenience_and_fuel_pos_software | 2.1.132 |
| oracle | retail_eftlink | 1.1.124 |
| oracle | retail_eftlink | 15.0.1 |
| oracle | retail_eftlink | 16.0.2 |
| oracle | retail_insights | 14.0 |
| oracle | retail_insights | 14.1 |
| oracle | retail_insights | 15.0 |
| oracle | retail_insights | 16.0 |
| oracle | retail_invoice_matching | 12.0 |
| oracle | retail_invoice_matching | 13.0 |
| oracle | retail_invoice_matching | 13.1 |
| oracle | retail_invoice_matching | 13.2 |
| oracle | retail_invoice_matching | 14.0 |
| oracle | retail_invoice_matching | 14.1 |
| oracle | retail_invoice_matching | 15.0 |
| oracle | retail_invoice_matching | 16.0 |
| oracle | retail_order_broker | 5.0 |
| oracle | retail_order_broker | 5.1 |
| oracle | retail_order_broker | 5.2 |
| oracle | retail_order_broker | 15.0 |
| oracle | retail_order_broker | 16.0 |
| oracle | retail_order_management_system | 4.0 |
| oracle | retail_order_management_system | 4.5 |
| oracle | retail_order_management_system | 4.7 |
| oracle | retail_order_management_system | 5.0 |
| oracle | retail_point-of-service | 14.0.4 |
| oracle | retail_point-of-service | 14.1.3 |
| oracle | retail_price_management | 12.0 |
| oracle | retail_price_management | 13.0 |
| oracle | retail_price_management | 13.1 |
| oracle | retail_price_management | 13.2 |
| oracle | retail_price_management | 14.0 |
| oracle | retail_price_management | 14.1 |
| oracle | retail_price_management | 15.0 |
| oracle | retail_price_management | 16.0 |
| oracle | retail_returns_management | 2.3.8 |
| oracle | retail_returns_management | 2.4.9 |
| oracle | retail_returns_management | 14.0.4 |
| oracle | retail_returns_management | 14.1.3 |
| oracle | retail_store_inventory_management | 12.0.12 |
| oracle | retail_store_inventory_management | 13.0.7 |
| oracle | retail_store_inventory_management | 13.1.9 |
| oracle | retail_store_inventory_management | 13.2.9 |
| oracle | retail_store_inventory_management | 14.0.4 |
| oracle | retail_store_inventory_management | 14.1.3 |
| oracle | retail_store_inventory_management | 15.0.2 |
| oracle | retail_store_inventory_management | 16.0.1 |
| oracle | retail_xstore_point_of_service | 6.0.11 |
| oracle | retail_xstore_point_of_service | 7.0.6 |
| oracle | retail_xstore_point_of_service | 7.1.6 |
| oracle | retail_xstore_point_of_service | 15.0.1 |
| oracle | transportation_management | 6.3.1 |
| oracle | transportation_management | 6.3.2 |
| oracle | transportation_management | 6.3.3 |
| oracle | transportation_management | 6.3.4 |
| oracle | transportation_management | 6.3.5 |
| oracle | transportation_management | 6.3.6 |
| oracle | transportation_management | 6.3.7 |
| oracle | tuxedo_system_and_applications_monitor | 12.1.3.0.0 |
| oracle | webcenter_sites | 11.1.1.8.0 |
| oracle | workload_manager | 12.2.0.1 |
| debian | debian_linux | 7.0 |
| netapp | active_iq_unified_manager | 7.3 ≤ |
| netapp | active_iq_unified_manager | 9.5 ≤ |
| netapp | oncommand_balance | - |
| netapp | oncommand_insight | - |
| netapp | oncommand_shift | - |
| netapp | oncommand_workflow_automation | - |
| netapp | snapcenter | - |
| netapp | element | - |
| redhat | fuse | 1.0 |
| redhat | jboss_enterprise_application_platform | 6.0.0 |
| redhat | jboss_enterprise_application_platform | 6.4.0 |
| redhat | jboss_enterprise_web_server | 2.0.0 |
| redhat | jboss_enterprise_web_server | 3.0.0 |
| redhat | jboss_enterprise_web_server_text-only_advisories | - |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_eus_compute_node | 7.4 |
| redhat | enterprise_linux_eus_compute_node | 7.5 |
| redhat | enterprise_linux_eus_compute_node | 7.6 |
| redhat | enterprise_linux_eus_compute_node | 7.7 |
| redhat | enterprise_linux_for_ibm_z_systems | 6.0_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.4_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.5_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.6_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 7.7_s390x:_s390x |
| redhat | enterprise_linux_for_power_big_endian | 6.0_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_big_endian | 7.0_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64:_ppc64 |
| redhat | enterprise_linux_for_power_little_endian | 7.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.4_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.5_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.6_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 7.7_ppc64le:_ppc64le |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| tomcat7 |
| ||||||||||||||||||||||||||||||||||||
| tomcat8 |
| ||||||||||||||||||||||||||||||||||||
| tomcat8.0 |
|
Common Weakness Enumeration
References