Security Update:The Apache Software Foundation has released two important security advisories to address vulnerabilities in Apache Tomcat
The Apache Software Foundation has released two important security advisories to address vulnerabilities in Apache Tomcat
Status Type
Security Update
Private
Public
Date and Time
Tuesday, September 19, 2017 - 14:53
Reason
Security Update
Impact
Apache Tomcat users
WHAT HAPPENED?
The Apache Software Foundation has released two important security advisories to address vulnerabilities in Apache Tomcat.
Advanced Users: For a complete description of the security advisory go to:
- CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP Upload at: http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/%[email protected]%3e [1]
- CVE-2017-12616 Apache Tomcat Information Disclosure at: http://mail-archives.us.apache.org/mod_mbox/www-announce/201709.mbox/<[email protected]> [2]
AFFECTED SYSTEMS:
- Apache Tomcat 7.0.0 to 7.0.80
WHAT’S THE PROBLEM?
Exploitation of one of these vulnerabilities could allow an attacker to control of an affected system.
HOW DO I PROTECT MY WEB SITE?
- Users and administrators are encouraged to review the Apache Security advisories listed above.
RELATED LINKS
- IT Security - https://it.ucsf.edu/security [3]