Amazon Linux AMI : tomcat8 / tomcat80,tomcat7 (ALAS-2017-913)
Medium Nessus Plugin ID 104179
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
SolutionRun 'yum update tomcat8' to update your system.
Run 'yum update tomcat80' to update your system.
Run 'yum update tomcat7' to update your system.