CVE-2017-12615 Apache tomcat RCE via JSP upload

Posted: 2018/06/25 17:15:07
by Sukumar2574
Our internal team has reported this vulnerability on CentOS 6. On the internet, I did not see anything about this vulnerability in CentOS. Though there is not much difference between RHEL and CentOS except for brand renaming. I want to make sure whether any patches have been released for this vulnerability.

Please let me know if there are any patches.

Thanks

Re: CVE-2017-12615 Apache tomcat RCE via JSP upload

Posted: 2018/06/25 17:45:23
by TrevorH
https://access.redhat.com/security/cve/cve-2017-12615
https://access.redhat.com/errata/RHSA-2017:3080

rpm -q tomcat6 should report a version higher than or equal to tomcat6-6.0.24-111.el6_9.noarch.rpm
and
rpm -q --changelog tomcat6 should contain

- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws
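
The two checks from the reply above, combined into one script. This is an added example and not part of either post; the function names and sample strings are constructed for illustration, and the version comparison is a simplification that compares numeric fields only rather than using rpm's own algorithm.

```shell
#!/bin/sh
# Added example: evaluates the two checks from the reply above.
FIXED_VR="6.0.24-111.el6_9"   # fixed build named in the thread
CVE_ID="CVE-2017-12615"

# vr_at_least INSTALLED FIXED -> 0 if INSTALLED >= FIXED.
# Simplification (assumption): only numeric fields are compared, left to
# right; this is not rpm's full version-comparison algorithm.
vr_at_least() {
    a=$(printf '%s' "$1" | tr -c '0-9' ' ')
    b=$(printf '%s' "$2" | tr -c '0-9' ' ')
    set -- $a
    for want in $b; do
        have=${1:-0}
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
        if [ $# -gt 0 ]; then shift; fi
    done
    return 0
}

# check_tomcat6 RPM_Q_OUTPUT CHANGELOG_TEXT
# Returns 0 patched, 1 build too old, 2 new enough but CVE not in changelog.
check_tomcat6() {
    vr=${1#tomcat6-}
    vr=${vr%.rpm}
    vr=${vr%.noarch}
    if ! vr_at_least "$vr" "$FIXED_VR"; then
        echo "fix missing: $vr is older than $FIXED_VR"
        return 1
    fi
    if ! printf '%s\n' "$2" | grep -q "$CVE_ID"; then
        echo "unconfirmed: changelog does not mention $CVE_ID"
        return 2
    fi
    echo "patched: $vr"
}

# Constructed sample inputs (the changelog line is the one quoted in the thread).
SAMPLE_OLD="tomcat6-6.0.24-90.el6.noarch"
SAMPLE_FIXED="tomcat6-6.0.24-111.el6_9.noarch"
SAMPLE_LOG="- Resolves: rhbz#1498345 CVE-2017-12615 CVE-2017-12617 tomcat6: various flaws"

check_tomcat6 "$SAMPLE_OLD" "" || true
check_tomcat6 "$SAMPLE_FIXED" "$SAMPLE_LOG" || true

# On a live host:
# check_tomcat6 "$(rpm -q tomcat6)" "$(rpm -q --changelog tomcat6)"
```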