CVE-2017-12617

MEDIUM

Description

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.securityfocus.com/bid/100954

http://www.securitytracker.com/id/1039552

https://access.redhat.com/errata/RHSA-2017:3080

https://access.redhat.com/errata/RHSA-2017:3081

https://access.redhat.com/errata/RHSA-2017:3113

https://access.redhat.com/errata/RHSA-2017:3114

https://access.redhat.com/errata/RHSA-2018:0268

https://access.redhat.com/errata/RHSA-2018:0269

https://access.redhat.com/errata/RHSA-2018:0270

https://access.redhat.com/errata/RHSA-2018:0271

https://access.redhat.com/errata/RHSA-2018:0275

https://access.redhat.com/errata/RHSA-2018:0465

https://access.redhat.com/errata/RHSA-2018:0466

https://access.redhat.com/errata/RHSA-2018:2939

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html

https://security.netapp.com/advisory/ntap-20171018-0002/

https://security.netapp.com/advisory/ntap-20180117-0002/

https://support.f5.com/csp/article/K53173544

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

https://usn.ubuntu.com/3665-1/

https://www.exploit-db.com/exploits/42966/

https://www.exploit-db.com/exploits/43008/

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Details

Source: MITRE

Published: 2017-10-04

Updated: 2019-04-23

Type: CWE-434

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.80:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.81:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127359 | NewStart CGSL MAIN 4.05 : tomcat6 Multiple Vulnerabilities (NS-SA-2019-0117) | Nessus | NewStart CGSL Local Security Checks | medium |
| 700703 | Apache Tomcat 9.0.x < 9.0.1 RCE | Nessus Network Monitor | Web Servers | medium |
| 700675 | Apache Tomcat 7.0.x < 7.0.82 RCE | Nessus Network Monitor | Web Servers | medium |
| 700610 | Apache Tomcat 8.0.x < 8.0.47 / 8.5.x < 8.5.23 RCE | Nessus Network Monitor | Web Servers | high |
| 119237 | Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080) | Nessus | Virtuozzo Local Security Checks | medium |
| 112309 | Apache Tomcat 7.0.x < 7.0.82 Remote Code Execution via JSP Upload | Web Application Scanning | Component Vulnerability | medium |
| 112300 | Apache Tomcat 8.5.x < 8.5.23 Remote Code Execution via JSP Upload | Web Application Scanning | Component Vulnerability | medium |
| 112294 | Apache Tomcat 9.0.0.M1 < 9.0.1 Remote Code Execution via JSP Upload | Web Application Scanning | Component Vulnerability | medium |
| 110264 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : Tomcat vulnerabilities (USN-3665-1) | Nessus | Ubuntu Local Security Checks | high |
| 109209 | Oracle WebCenter Sites Remote Vulnerability (April 2018 CPU) | Nessus | Windows | medium |
| 107208 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 2 (RHSA-2018:0466) | Nessus | Red Hat Local Security Checks | medium |
| 106651 | RHEL 6 : JBoss EAP (RHSA-2018:0270) | Nessus | Red Hat Local Security Checks | high |
| 106650 | RHEL 7 : JBoss EAP (RHSA-2018:0268) | Nessus | Red Hat Local Security Checks | high |
| 106616 | RHEL 6 : jboss-ec2-eap (RHSA-2018:0275) | Nessus | Red Hat Local Security Checks | high |
| 106349 | Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU) | Nessus | Web Servers | critical |
| 106299 | Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU) | Nessus | Web Servers | critical |
| 106188 | Oracle Database Multiple Vulnerabilities (January 2018 CPU) | Nessus | Databases | medium |
| 106103 | MySQL Enterprise Monitor 3.3.x < 3.3.7.3306 / 3.4.x < 3.4.5.4248 / 4.0.x < 4.0.2.5168 Multiple Vulnerabilities (January 2018 CPU) | Nessus | CGI abuses | medium |
| 105995 | Fedora 27 : 1:tomcat (2017-ebb76fc3c9) | Nessus | Fedora Local Security Checks | medium |
| 105006 | Apache Tomcat HTTP PUT JSP File Upload RCE | Nessus | Web Servers | medium |
| 104765 | openSUSE Security Update : tomcat (openSUSE-2017-1299) | Nessus | SuSE Local Security Checks | medium |
| 104506 | Fedora 25 : 1:tomcat (2017-f499ee7b12) | Nessus | Fedora Local Security Checks | medium |
| 104505 | Fedora 26 : 1:tomcat (2017-ef7c118dbc) | Nessus | Fedora Local Security Checks | medium |
| 104456 | RHEL 6 / 7 : Red Hat JBoss Web Server (RHSA-2017:3113) (Optionsbleed) | Nessus | Red Hat Local Security Checks | medium |
| 104358 | Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 104287 | EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1262) | Nessus | Huawei Local Security Checks | medium |
| 104286 | EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1261) | Nessus | Huawei Local Security Checks | medium |
| 104269 | Scientific Linux Security Update : tomcat on SL7.x (noarch) (20171030) | Nessus | Scientific Linux Local Security Checks | medium |
| 104268 | Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20171030) | Nessus | Scientific Linux Local Security Checks | medium |
| 104257 | CentOS 7 : tomcat (CESA-2017:3081) | Nessus | CentOS Local Security Checks | medium |
| 104256 | CentOS 6 : tomcat6 (CESA-2017:3080) | Nessus | CentOS Local Security Checks | medium |
| 104251 | RHEL 7 : tomcat (RHSA-2017:3081) | Nessus | Red Hat Local Security Checks | medium |
| 104250 | RHEL 6 : tomcat6 (RHSA-2017:3080) | Nessus | Red Hat Local Security Checks | medium |
| 104248 | Oracle Linux 7 : tomcat (ELSA-2017-3081) | Nessus | Oracle Linux Local Security Checks | medium |
| 104247 | Oracle Linux 6 : tomcat6 (ELSA-2017-3080) | Nessus | Oracle Linux Local Security Checks | medium |
| 104179 | Amazon Linux AMI : tomcat8 / tomcat80,tomcat7 (ALAS-2017-913) | Nessus | Amazon Linux Local Security Checks | medium |
| 103782 | Apache Tomcat 7.0.x < 7.0.82 Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 103718 | FreeBSD : tomcat -- Remote Code Execution (c0dae634-4820-4505-850d-b1c975d0f67d) | Nessus | FreeBSD Local Security Checks | medium |
| 103699 | Apache Tomcat 9.0.0.M1 < 9.0.1 Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 103698 | Apache Tomcat 7.0.x < 7.0.82 / 8.5.x < 8.5.23 Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 103697 | Apache Tomcat 8.0.0.RC1 < 8.0.47 Multiple Vulnerabilities | Nessus | Web Servers | medium |