tomcat7 could be made to execute arbitrary code.
Software Description:
- tomcat7: Servlet and JSP engine
Details:
It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libtomcat7-java 7.0.68-1ubuntu0.4+esm3
Available with Ubuntu Pro
tomcat7 7.0.68-1ubuntu0.4+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7282-1
CVE-2017-12616, CVE-2017-12617
Get the latest Linux and open source security news straight to your inbox.