Vulnerability from csaf_suse
Published
2017-11-22 08:33
Modified
2017-11-22 08:33
Summary
Security update for tomcat
Notes
Title of the patch
Security update for tomcat
Description of the patch
This update for tomcat fixes the following issues:
Security issues fixed:
- CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910).
- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352)
- CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554)
Non security bugs fixed:
- Fix tomcat-digest classpath error (bsc#977410)
- Fix packaged /etc/alternatives symlinks for api libs that caused
rpm -V to report link mismatch (bsc#1019016)
Patchnames
SUSE-SLE-RPI-12-SP2-2017-1874,SUSE-SLE-SERVER-12-SP2-2017-1874,SUSE-SLE-SERVER-12-SP3-2017-1874
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for tomcat", title: "Title of the patch", }, { category: "description", text: "This update for tomcat fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910).\n- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352)\n- CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554)\n\n\nNon security bugs fixed:\n\n- Fix tomcat-digest classpath error (bsc#977410) \n- Fix packaged /etc/alternatives symlinks for api libs that caused\n rpm -V to report link mismatch (bsc#1019016)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-RPI-12-SP2-2017-1874,SUSE-SLE-SERVER-12-SP2-2017-1874,SUSE-SLE-SERVER-12-SP3-2017-1874", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3039-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:3039-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20173039-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:3039-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-November/003401.html", }, { category: "self", summary: "SUSE Bug 1019016", url: "https://bugzilla.suse.com/1019016", }, { category: "self", summary: "SUSE Bug 1042910", url: "https://bugzilla.suse.com/1042910", }, { category: "self", summary: "SUSE Bug 1053352", url: "https://bugzilla.suse.com/1053352", }, { category: "self", summary: "SUSE Bug 1059554", url: "https://bugzilla.suse.com/1059554", }, { category: "self", summary: "SUSE Bug 977410", url: "https://bugzilla.suse.com/977410", }, { category: "self", summary: "SUSE CVE CVE-2017-12617 page", url: "https://www.suse.com/security/cve/CVE-2017-12617/", }, { category: "self", summary: "SUSE CVE CVE-2017-5664 page", url: "https://www.suse.com/security/cve/CVE-2017-5664/", }, { category: "self", summary: "SUSE CVE CVE-2017-7674 page", url: "https://www.suse.com/security/cve/CVE-2017-7674/", }, ], title: "Security update for tomcat", tracking: { current_release_date: "2017-11-22T08:33:59Z", generator: { date: "2017-11-22T08:33:59Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:3039-1", initial_release_date: "2017-11-22T08:33:59Z", revision_history: [ { date: "2017-11-22T08:33:59Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tomcat-8.0.43-29.5.1.noarch", product: { name: "tomcat-8.0.43-29.5.1.noarch", product_id: "tomcat-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", product: { name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", product_id: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", product: { name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", product_id: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", product: { name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", product_id: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-javadoc-8.0.43-29.5.1.noarch", product: { name: "tomcat-javadoc-8.0.43-29.5.1.noarch", product_id: "tomcat-javadoc-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", product: { name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", product_id: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-lib-8.0.43-29.5.1.noarch", product: { name: "tomcat-lib-8.0.43-29.5.1.noarch", product_id: "tomcat-lib-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", product: { name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", product_id: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", }, }, { category: "product_version", name: "tomcat-webapps-8.0.43-29.5.1.noarch", product: { name: "tomcat-webapps-8.0.43-29.5.1.noarch", product_id: "tomcat-webapps-8.0.43-29.5.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product: { name: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP2", product: { name: "SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12 SP3", product: { name: "SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles:12:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-javadoc-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-javadoc-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-lib-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", product_id: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-javadoc-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-javadoc-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-lib-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP2", product_id: "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-javadoc-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-javadoc-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-lib-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP2", }, { category: "default_component_of", full_product_name: { name: "tomcat-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-javadoc-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-javadoc-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-lib-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP3", product_id: "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-admin-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-admin-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-docs-webapp-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-docs-webapp-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-el-3_0-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-javadoc-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-javadoc-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-lib-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-lib-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, { category: "default_component_of", full_product_name: { name: "tomcat-webapps-8.0.43-29.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", }, product_reference: "tomcat-webapps-8.0.43-29.5.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2017-12617", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12617", }, ], notes: [ { category: "general", text: "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-12617", url: "https://www.suse.com/security/cve/CVE-2017-12617", }, { category: "external", summary: "SUSE Bug 1059554 for CVE-2017-12617", url: "https://bugzilla.suse.com/1059554", }, { category: "external", summary: "SUSE Bug 1062607 for CVE-2017-12617", url: "https://bugzilla.suse.com/1062607", }, { category: "external", summary: "SUSE Bug 1180947 for CVE-2017-12617", url: "https://bugzilla.suse.com/1180947", }, { category: "external", summary: "SUSE Bug 1189861 for CVE-2017-12617", url: "https://bugzilla.suse.com/1189861", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, ], threats: [ { category: "impact", date: "2017-11-22T08:33:59Z", details: "moderate", }, ], title: "CVE-2017-12617", }, { cve: "CVE-2017-5664", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5664", }, ], notes: [ { category: "general", text: "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-5664", url: "https://www.suse.com/security/cve/CVE-2017-5664", }, { category: "external", summary: "SUSE Bug 1042910 for CVE-2017-5664", url: "https://bugzilla.suse.com/1042910", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, ], threats: [ { category: "impact", date: "2017-11-22T08:33:59Z", details: "important", }, ], title: "CVE-2017-5664", }, { cve: "CVE-2017-7674", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-7674", }, ], notes: [ { category: "general", text: "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2017-7674", url: "https://www.suse.com/security/cve/CVE-2017-7674", }, { category: "external", summary: "SUSE Bug 1053352 for CVE-2017-7674", url: "https://bugzilla.suse.com/1053352", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP2:tomcat-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.43-29.5.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.43-29.5.1.noarch", ], }, ], threats: [ { category: "impact", date: "2017-11-22T08:33:59Z", details: "moderate", }, ], title: "CVE-2017-7674", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.