High severity8.1CISA KEVNVD Advisory· Published Oct 4, 2017· Updated Jun 17, 2026
CVE-2017-12617
CVE-2017-12617
Description
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcat-catalinaMaven | >= 9.0.0.M1, < 9.0.1 | 9.0.1 |
org.apache.tomcat:tomcat-catalinaMaven | >= 8.5.0, < 8.5.23 | 8.5.23 |
org.apache.tomcat:tomcat-catalinaMaven | >= 8.0.0-RC1, < 8.0.47 | 8.0.47 |
org.apache.tomcat:tomcat-catalinaMaven | >= 7.0.0, < 7.0.82 | 7.0.82 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 9.0.0.M1, < 9.0.1 | 9.0.1 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 8.5.0, < 8.5.23 | 8.5.23 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 8.0.0-RC1, < 8.0.47 | 8.0.47 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 7.0.0, < 7.0.82 | 7.0.82 |
Affected products
166cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*+ 1 more
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*range: >=9.5
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*range: >=7.3
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*Range: >=7.3.3.0.0,<=7.3.5.3.0
cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:management_pack:11.2.1.0.13:*:*:*:*:goldengate:*:*
- cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*Range: <=3.3.6.3293
cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.0.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:retail_back_office:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_back_office:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.0.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:retail_central_office:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_central_office:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_eftlink:1.1.124:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:retail_eftlink:1.1.124:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_eftlink:16.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_insights:14.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:retail_insights:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_insights:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_insights:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_insights:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_management_system:4.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:retail_order_management_system:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_order_management_system:5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.0.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:retail_point-of-service:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_point-of-service:14.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_price_management:12.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:oracle:retail_price_management:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.0.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:retail_returns_management:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_returns_management:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:13.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:13.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:13.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_store_inventory_management:16.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tuxedo_system_and_applications_monitor:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- ghsa-coords15 versionspkg:maven/org.apache.tomcat.embed/tomcat-embed-corepkg:maven/org.apache.tomcat/tomcat-catalinapkg:rpm/opensuse/tomcat10&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/tomcat&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/tomcat6&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/tomcat&distro=SUSE%20OpenStack%20Cloud%206
>= 9.0.0.M1, < 9.0.1+ 14 more
- (no CPE)range: >= 9.0.0.M1, < 9.0.1
- (no CPE)range: >= 9.0.0.M1, < 9.0.1
- (no CPE)range: < 10.1.14-1.1
- (no CPE)range: < 9.0.36-8.4
- (no CPE)range: < 6.0.53-0.57.19.1
- (no CPE)range: < 6.0.53-0.57.19.1
- (no CPE)range: < 8.0.43-10.24.1
- (no CPE)range: < 8.0.43-29.5.1
- (no CPE)range: < 8.0.43-29.5.1
- (no CPE)range: < 7.0.82-7.16.1
- (no CPE)range: < 8.0.43-29.5.1
- (no CPE)range: < 8.0.43-10.24.1
- (no CPE)range: < 8.0.43-29.5.1
- (no CPE)range: < 8.0.43-29.5.1
- (no CPE)range: < 8.0.43-10.24.1
Patches
Vulnerability mechanics
References
89- www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlnvdPatchThird Party AdvisoryWEB
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlnvdPatchThird Party AdvisoryWEB
- lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3EnvdMailing ListPatchWEB
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlnvdPatchThird Party AdvisoryWEB
- www.exploit-db.com/exploits/42966/nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/43008/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/100954nvdBroken LinkThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1039552nvdBroken LinkThird Party AdvisoryVDB EntryWEB
- access.redhat.com/errata/RHSA-2017:3080nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:3081nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:3113nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2017:3114nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0268nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0269nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0270nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0271nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0275nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0465nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:0466nvdThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2939nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-xjgh-84hx-56c5ghsaADVISORY
- lists.debian.org/debian-lts-announce/2017/11/msg00009.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-12617ghsaADVISORY
- security.netapp.com/advisory/ntap-20171018-0002/nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20180117-0002/nvdThird Party Advisory
- support.f5.com/csp/article/K53173544nvdThird Party AdvisoryWEB
- support.hpe.com/hpsc/doc/public/displaynvdThird Party AdvisoryWEB
- support.hpe.com/hpsc/doc/public/displaynvdThird Party AdvisoryWEB
- usn.ubuntu.com/3665-1/nvdThird Party Advisory
- github.com/apache/tomcat/commit/24aea94807f940ee44aa550378dc903289039dddghsaWEB
- github.com/apache/tomcat/commit/31e99502e2c602449a2f8835bd23ade772b77333ghsaWEB
- github.com/apache/tomcat/commit/327e8a6644e188764325a013aa2725a60f1b37e5ghsaWEB
- github.com/apache/tomcat/commit/46dfedbc0523d7182be97f4244d7b6c942164485ghsaWEB
- github.com/apache/tomcat/commit/4cf7dab88282c8f3c92f0b961cdb0096e1d63e88ghsaWEB
- github.com/apache/tomcat/commit/506d862e7edfa991de198e0f2e4c4540830fa531ghsaWEB
- github.com/apache/tomcat/commit/512a3c3aecdb52de092c6bacddd71b85c4feda06ghsaWEB
- github.com/apache/tomcat/commit/74ad0e216c791454a318c1811300469eedc5c6f3ghsaWEB
- github.com/apache/tomcat/commit/a9dd96046d7acb0357c6b7b9e6cc70d186fae663ghsaWEB
- github.com/apache/tomcat/commit/b577f9a7996b92b650b1649af3c3bae11c120db9ghsaWEB
- github.com/apache/tomcat/commit/b7e0435d17aba69f16ae9e8a78ad0f1565b552afghsaWEB
- github.com/apache/tomcat/commit/bbcbb749c75056a2781f37038d63e646fe972104ghsaWEB
- github.com/apache/tomcat/commit/c177e9668d1278710bdb14c0eb8d2702b3655f5aghsaWEB
- github.com/apache/tomcat/commit/cf0b37beb0622abdf24acc7110daf883f3fe4f95ghsaWEB
- github.com/apache/tomcat/commit/d5b170705d24c386d76038e5989045c89795c28cghsaWEB
- github.com/apache/tomcat/commit/e650cf1b83e441dbd3863f3f6b61c972cafce19eghsaWEB
- github.com/apache/tomcat/commit/f1b85da754c4760787d68a99e839b50878140b57ghsaWEB
- github.com/apache/tomcat/commit/fd52f8601170b91f9d7162510e54563e5bf6bdfeghsaWEB
- lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3EnvdIssue TrackingMailing ListWEB
- lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3EghsaWEB
- security.netapp.com/advisory/ntap-20171018-0002ghsaWEB
- security.netapp.com/advisory/ntap-20180117-0002ghsaWEB
- usn.ubuntu.com/3665-1ghsaWEB
- web.archive.org/web/20171110171954/http://www.securityfocus.com/bid/100954ghsaWEB
- web.archive.org/web/20201209024734/http://www.securitytracker.com/id/1039552ghsaWEB
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceWEB
- www.exploit-db.com/exploits/42966ghsaWEB
- www.exploit-db.com/exploits/43008ghsaWEB
News mentions
0No linked articles in our index yet.