Alert Regarding Vulnerabilities in Apache Tomcat

Haythem Elmir 7 ans ago
0 1
Read Time36 Second

On September 19, 2017 (US time), the Apache Software Foundation released information on vulnerabilities (CVE-2017-12615 and CVE-2017-12616) in
Apache Tomcat. In the vulnerability CVE-2017-12615, when running on Windows with HTTP PUTs enabled (e.g. via setting the readonly
initialisation parameter of the Default to false), arbitrary code may be executed remotely on the server that runs Apache Tomcat by using a
specially crafted request. In the vulnerability CVE-2017-12616, when using VirtualDirContext, it was possible to bypass security constraints
and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.

To read the original article :https://www.jpcert.or.jp/english/at/2017/at170038.html

About Post Author

Haythem Elmir

haythem.elmir@keystone.tn
http://ww.cyber.tn
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%
(Add your review)

Laisser un commentaire

Next Post

A clearer picture of the CCleaner backdoor incident

ven Sep 22 , 2017
On Monday, Cisco and Piriform – the Avast-owned company behind the popular CCleaner utility – announced that certain versions of the software have been backdoored by hackers. To read the original article : https://www.helpnetsecurity.com/2017/09/19/ccleaner-backdoor-incident/?utm_source=dlvr.it&utm_medium=twitter

You May Like