Alert Regarding Vulnerabilities in Apache Tomcat

Haythem Elmir

On September 19, 2017 (US time), the Apache Software Foundation released information on two vulnerabilities in Apache Tomcat
(CVE-2017-12615 and CVE-2017-12616). With CVE-2017-12615, when Tomcat runs on Windows with HTTP PUTs enabled (e.g. by setting the readonly
initialisation parameter of the Default servlet to false), a specially crafted request may allow arbitrary code to be executed remotely on
the server that runs Apache Tomcat. With CVE-2017-12616, when VirtualDirContext is in use, a specially crafted request could bypass security
constraints and/or expose the source code of JSPs for resources served by the VirtualDirContext.
