Tomcat Vulnerability

Document ID : KB000009072
Last Modified Date : 14/02/2018
Issue:

A vulnerability exists in Apache Tomcat that, when exploited, could allow attackers to execute arbitrary code on the targeted host. 

 

Products Affected:

Apache Tomcat 7.0.0 to 7.0.81

Apache Tomcat 8.0.0.RC1 to 8.0.46, 8.5.0 to 8.5.22

Apache Tomcat 9.0.0.M1 to 9.0.0.M21
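A check of installed Tomcat versions against the ranges listed above, as an added example that is not part of the original document or any CA or Apache tooling. The function names, host names and sample version strings are assumptions made for illustration; the ranges are copied from this page.

```python
import re

# Affected ranges exactly as listed in this document (bounds inclusive).
AFFECTED_RANGES = [
    ("7.0.0", "7.0.81"),
    ("8.0.0.RC1", "8.0.46"),
    ("8.5.0", "8.5.22"),
    ("9.0.0.M1", "9.0.0.M21"),
]

# Milestones (M) sort before release candidates (RC), which sort before
# the final release of the same x.y.z.
QUALIFIER_RANK = {"M": 0, "RC": 1, "": 2}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-](M|RC)(\d+))?", re.I)


def parse_version(text):
    """Return a sortable key for the first Tomcat version found in text.

    Handles bare versions ("9.0.0.M17") and version.sh output lines such as
    "Server version: Apache Tomcat/7.0.81" or "Server number:  8.5.20.0".
    Returns None if no version is found.
    """
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    qualifier = (m.group(4) or "").upper()
    return (major, minor, patch, QUALIFIER_RANK[qualifier], int(m.group(5) or 0))


def is_listed_affected(text):
    """True if the version falls inside one of the ranges listed above."""
    key = parse_version(text)
    if key is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    return any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed inventory: host names and version strings are made up.
    inventory = {
        "spectrum-oc-01": "Server number:  7.0.69.0",
        "spectrum-oc-02": "Server version: Apache Tomcat/8.5.23",
        "spectrum-lab": "9.0.0.M17",
    }
    for host, banner in inventory.items():
        status = "AFFECTED" if is_listed_affected(banner) else "not in listed ranges"
        print(f"{host}: {banner.strip()} -> {status}")
```

A "not in listed ranges" result only means the version is outside the ranges this document lists; the linked Apache security pages remain the reference for what each release fixes.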

 

Threat Assessment:

Exploitation could allow attackers to execute arbitrary code on the targeted host. An attacker can successfully exploit this vulnerability by submitting a specially crafted request for the host to process.

 

NIRT rates this vulnerability as Severity Level #3 for internal servers and will continue to monitor the situation, providing updates where appropriate.

 

Required Actions:

Apply the following patches where appropriate:

 

Security Update Information

https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.47

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.1

 

NIRT recommends a careful review of all vendor notes related to this vulnerability. Customers should proceed with appropriate testing and planning to meet the required due date.

Environment:
CA Spectrum 10.1.x
CA Spectrum 10.2.x
Cause:

A vulnerability exists in Apache Tomcat that, when exploited, could allow attackers to execute arbitrary code on the targeted host. 

 


Resolution:

Problem Description: 
----------------------------- 
Vulnerability: CVE-2017-12617.

Required Actions:
Apply the following patches where appropriate: 

Security Update Information 
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82 
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.47 
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.1 

Cause: 
--------- 
Vulnerability 

Solution: 
------------ 
This will be fixed in 10.2.3 and in:

Spectrum_10.01.01.PTF_10.1.182.Windows.exe 
Spectrum_10.01.01.PTF_10.1.182.Solaris.txe 
Spectrum_10.01.01.PTF_10.1.182.Linux.txe

Additional Information:

CA Spectrum 10.1.x

CA Spectrum 10.2.x