Amazon Linux AMI : tomcat7 (ALAS-2018-947)

This script is Copyright (C) 2018 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Incorrect documentation of CGI Servlet search algorithm may lead to
misconfiguration :

As part of the fix for bug 61201, the documentation for Apache Tomcat
included an updated description of the search algorithm used by the
CGI Servlet to identify which script to execute. The update was not
correct. As a result, some scripts may have failed to execute as
expected and other scripts may have been executed unexpectedly. Note
that the behaviour of the CGI servlet has remained unchanged in this
regard. It is only the documentation of the behaviour that was wrong
and has been corrected. (CVE-2017-15706)

See also :

https://alas.aws.amazon.com/ALAS-2018-947.html

Solution :

Run 'yum update tomcat7' to update your system.

Risk factor :

High

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 106692

Bugtraq ID:

CVE ID: CVE-2017-15706
