Posted to issues@kylin.apache.org by "peng.jianhua (JIRA)" <ji...@apache.org> on 2017/10/11 01:52:00 UTC

[jira] [Comment Edited] (KYLIN-2891) Tomcat Security Vulnerability Alert. The version of the tomcat for kylin should upgrade to 7.0.82.

    [ https://issues.apache.org/jira/browse/KYLIN-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16199683#comment-16199683 ] 

peng.jianhua edited comment on KYLIN-2891 at 10/11/17 1:51 AM:
---------------------------------------------------------------

[~yimingliu], ok. I will update the patch. Thanks.


was (Author: peng.jianhua):
[~yimingliu], ok. I had updated the patch. Please download the latest patch. Thanks.

> Tomcat Security Vulnerability Alert. The version of the tomcat for kylin should upgrade to 7.0.82.
> --------------------------------------------------------------------------------------------------
>
>                 Key: KYLIN-2891
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2891
>             Project: Kylin
>          Issue Type: Bug
>          Components: Website
>    Affects Versions: v2.0.0, v2.1.0
>            Reporter: peng.jianhua
>            Assignee: peng.jianhua
>              Labels: patch
>         Attachments: 0001-KYLIN-2891-Tomcat-Security-Vulnerability-Alert.-The-.patch
>
>
> 【Security Vulnerability Alert】Tomcat Information leakage and remote code execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12617
> {code}
> Description
> {code}
> When running with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
> {code}
> Scope
> {code}
> Affects: 7.0.0 to 7.0.81
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.82 version has fixed the vulnerability and recommends upgrading to the 7.0.82 version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)