Our internal team has reported this vulnerability on CentOS 6. From the internet, I did not see anywhere about this vulnerability in CentOS. Though., there is no much difference between RHEL and CentOS except for brand renaming. I want to make sure if there are any patches released for this vulnerability.
please let me know if there are any patches.
thanks
CVE-2017-12615 Apache tomcat RCE via JSP upload
-
- Posts: 6
- Joined: 2017/10/02 19:18:30
Re: CVE-2017-12615 Apache tomcat RCE via JSP upload
https://access.redhat.com/security/cve/cve-2017-12615
https://access.redhat.com/errata/RHSA-2017:3080
rpm -q tomcat6 should report a version higher than or equal to tomcat6-6.0.24-111.el6_9.noarch.rpm
and
rpm -q --changelog tomcat6 should contain
- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws
https://access.redhat.com/errata/RHSA-2017:3080
rpm -q tomcat6 should report a version higher than or equal to tomcat6-6.0.24-111.el6_9.noarch.rpm
and
rpm -q --changelog tomcat6 should contain
- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke