========================================================================== Ubuntu Security Notice USN-7282-1 February 21, 2025
tomcat7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
tomcat7 could be made to execute arbitrary code.
Software Description:
- tomcat7: Servlet and JSP engine
Details:
It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
libtomcat7-java 7.0.68-1ubuntu0.4+esm3
Available with Ubuntu Pro
tomcat7 7.0.68-1ubuntu0.4+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7282-1
CVE-2017-12616, CVE-2017-12617
OpenPGP_signature.asc
Description: OpenPGP digital signature
