{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172666",
"Version": "oval:org.altlinux.errata:def:20172666",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2666: package `tomcat` update to version 8.0.47-alt1_2jpp8",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2666",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2666",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-01045",
"RefURL": "https://bdu.fstec.ru/vul/2023-01045",
"Source": "BDU"
},
{
"RefID": "CVE-2017-12617",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"Source": "CVE"
}
],
"Description": "This update upgrades tomcat to version 8.0.47-alt1_2jpp8. \nSecurity Fix(es):\n\n * BDU:2023-01045: Уязвимость сервера приложений Apache Tomcat, связанная с отсутствием ограничений на загрузку файлов, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-12617: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-11-18"
},
"Updated": {
"Date": "2017-11-18"
},
"BDUs": [
{
"ID": "BDU:2023-01045",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-434",
"Href": "https://bdu.fstec.ru/vul/2023-01045",
"Impact": "High",
"Public": "20171003"
}
],
"CVEs": [
{
"ID": "CVE-2017-12617",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-434",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617",
"Impact": "High",
"Public": "20171004"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172666001",
"Comment": "tomcat is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666002",
"Comment": "tomcat-admin-webapps is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666003",
"Comment": "tomcat-docs-webapp is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666004",
"Comment": "tomcat-el-3.0-api is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666005",
"Comment": "tomcat-javadoc is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666006",
"Comment": "tomcat-jsp-2.3-api is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666007",
"Comment": "tomcat-jsvc is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666008",
"Comment": "tomcat-lib is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666009",
"Comment": "tomcat-servlet-3.1-api is earlier than 1:8.0.47-alt1_2jpp8"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172666010",
"Comment": "tomcat-webapps is earlier than 1:8.0.47-alt1_2jpp8"
}
]
}
]
}
}
]
} |