[jira] [Updated] (RANGER-1797) Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-11-30 Thread Vishal Suvagia (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vishal Suvagia updated RANGER-1797:
---
Attachment: catalina.out

Attaching [^catalina.out], as per info shared on review request.

> Tomcat Security Vulnerability Alert. The version of the tomcat for ranger 
> should upgrade to 7.0.82.
> ---
>
> Key: RANGER-1797
> URL: https://issues.apache.org/jira/browse/RANGER-1797
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: 
> 0001-RANGER-1797-Tomcat-Security-Vulnerability-Alert.-The.patch, catalina.out
>
>
> 【Security Vulnerability Alert】Tomcat Information leakage and remote code 
> execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12615\CVE-2017-12616
> {code}
> Description
> {code}
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> {code}
> Scope
> {code}
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1797) Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-10-10 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1797:
-
Summary: Tomcat Security Vulnerability Alert. The version of the tomcat for 
ranger should upgrade to 7.0.82.  (was: Tomcat Security Vulnerability Alert. 
The version of the tomcat for ranger should upgrade to 7.0.81.)

> Tomcat Security Vulnerability Alert. The version of the tomcat for ranger 
> should upgrade to 7.0.82.
> ---
>
> Key: RANGER-1797
> URL: https://issues.apache.org/jira/browse/RANGER-1797
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: 
> 0001-RANGER-1797-Tomcat-Security-Vulnerability-Alert.-The.patch
>
>
> 【Security Vulnerability Alert】Tomcat Information leakage and remote code 
> execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12615\CVE-2017-12616
> {code}
> Description
> {code}
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> {code}
> Scope
> {code}
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (RANGER-1797) Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-10-10 Thread peng.jianhua (JIRA) 

 [ 
https://issues.apache.org/jira/browse/RANGER-1797?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1797:
-
Description: 
【Security Vulnerability Alert】Tomcat Information leakage and remote code 
execution vulnerabilities.
CVE ID:
{code}
CVE-2017-12615\CVE-2017-12616
{code}
Description
{code}
CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP 
PUTs enabled, it was possible to upload a JSP file to the server via a 
specially crafted request. This JSP could then be requested and any code it 
contained would be executed by the server.
CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80, it was possible to use a specially crafted request, bypass security 
constraints, or get the source code of JSPs for resources served by the 
VirtualDirContext, thereby cased code disclosure.
{code}
Scope
{code}
CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
{code}
Solution
{code}
The official release of the Apache Tomcat 7.0.81 version has fixed the two 
vulnerabilities and recommends upgrading to the latest version.
{code}
Reference
{code}
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
{code}

  was:
【Security Vulnerability Alert】Tomcat Information leakage and remote code 
execution vulnerabilities.
CVE ID:
{code}
CVE-2017-12615\CVE-2017-12616
{code}
Description
{code}
CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP 
PUTs enabled, it was possible to upload a JSP file to the server via a 
specially crafted request. This JSP could then be requested and any code it 
contained would be executed by the server.
CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80, it was possible to use a specially crafted request, bypass security 
constraints, or get the source code of JSPs for resources served by the 
VirtualDirContext, thereby cased code disclosure.
{code}
Scope
{code}
CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
{code}
Solution
{code}
The official release of the Apache Tomcat 7.0.81 version has fixed the two 
vulnerabilities and recommends upgrading to the latest version.
{code}
Reference
{code}
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
{code}


> Tomcat Security Vulnerability Alert. The version of the tomcat for ranger 
> should upgrade to 7.0.82.
> ---
>
> Key: RANGER-1797
> URL: https://issues.apache.org/jira/browse/RANGER-1797
> Project: Ranger
>  Issue Type: Bug
>  Components: admin
>Affects Versions: 1.0.0, master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>  Labels: patch
> Attachments: 
> 0001-RANGER-1797-Tomcat-Security-Vulnerability-Alert.-The.patch
>
>
> 【Security Vulnerability Alert】Tomcat Information leakage and remote code 
> execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12615\CVE-2017-12616
> {code}
> Description
> {code}
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> {code}
> Scope
> {code}
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)