Hello,
2017-10-04 4:52 GMT+03:00 Caldarale, Charles R :
>
> > From: Baron Fujimoto [mailto:ba...@hawaii.edu]
> > Subject: Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code
Execution
> via JSP upload
>
> > I haven't seen an announcement for 8.0.47, nor does th
On 04/10/17 08:27, Michael Smith wrote:
> Mark,
>
> Do you know if tomcat 5.x and 6.x are vulnerable to this issue? I know they
> are not supported, but are they exploitable by this vulnerability?
I don't know. I haven't tested them and I don't plan to test them.
My expectation is that 6.x and 5
Mark,
Do you know if tomcat 5.x and 6.x are vulnerable to this issue? I know they
are not supported, but are they exploitable by this vulnerability?
Thx
Mike
On 3 October 2017 at 11:55, Mark Thomas wrote:
> CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload
>
> Severity: Import
> From: Baron Fujimoto [mailto:ba...@hawaii.edu]
> Subject: Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution
via JSP upload
> I haven't seen an announcement for 8.0.47, nor does the Apache Tomcat
> website seem to reference it yet, but it appears to be
On Tue, Oct 03, 2017 at 10:55:26AM +, Mark Thomas wrote:
>CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload
>
>Severity: Important
>
>Vendor: The Apache Software Foundation
>
>Versions Affected:
>[...]
>Apache Tomcat 8.0.0.RC1 to 8.0.46
>[...]
>
>Description:
>When running with
CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP Upload
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0
Apache Tomcat 8.5.0 to 8.5.22
Apache Tomcat 8.0.0.RC1 to 8.0.46
Apache Tomcat 7.0.0 to 7.0.81
Description:
When running
