CVE-2017-12615 Apache tomcat RCE via JSP upload

Sukumar2574
Posts: 6
Joined: 2017/10/02 19:18:30

CVE-2017-12615 Apache tomcat RCE via JSP upload

Post by Sukumar2574 » 2018/06/25 17:15:07

Our internal team has reported this vulnerability on CentOS 6. On the internet, I did not see anything about this vulnerability in CentOS. Though, there is not much difference between RHEL and CentOS except for brand renaming. I want to make sure if there are any patches released for this vulnerability.


Please let me know if there are any patches.


Thanks

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2017-12615 Apache tomcat RCE via JSP upload

Post by TrevorH » 2018/06/25 17:45:23

https://access.redhat.com/security/cve/cve-2017-12615
https://access.redhat.com/errata/RHSA-2017:3080

rpm -q tomcat6 should report a version higher than or equal to tomcat6-6.0.24-111.el6_9.noarch.rpm
and
rpm -q --changelog tomcat6 should contain

- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
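
The two checks from the reply above, combined into one script. This is an added example, not something posted in the thread; the function names are made up for illustration, and it assumes GNU sort -V as a stand-in for rpm's own version comparison.

```bash
#!/bin/sh
# Added example, not from the thread. Assumes rpm and GNU sort (for -V).
PKG="tomcat6"
FIXED_VR="6.0.24-111.el6_9"   # fixed build named in the reply above
CVE="CVE-2017-12615"

# vr_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# sort -V approximates rpm's ordering; it is adequate for el6 release
# strings like these, but it is not rpm's own comparison algorithm.
vr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# changelog_has_cve CVE: succeeds when the changelog on stdin names CVE.
changelog_has_cve() {
    grep -q -- "$1"
}

# check_pkg: run both checks against the installed package.
# Returns 0 = patched, 1 = needs update, 2 = package not installed.
check_pkg() {
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$PKG") || {
        echo "$PKG is not installed"; return 2; }
    # The fix is backported, so the upstream version stays 6.0.24;
    # only the release field (111.el6_9) shows whether it is present.
    if ! vr_at_least "$vr" "$FIXED_VR"; then
        echo "$PKG-$vr is older than $FIXED_VR: update"; return 1
    fi
    if ! rpm -q --changelog "$PKG" | changelog_has_cve "$CVE"; then
        echo "$PKG-$vr: changelog does not mention $CVE"; return 1
    fi
    echo "$PKG-$vr includes the fix for $CVE"
}

# Run on the host with: sh check_tomcat6.sh --check
if [ "${1:-}" = "--check" ]; then
    check_pkg
fi
```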
