Search for packages
| purl | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.0.7 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ah95-hj74-aaaq
Aliases: CVE-2017-12617 GHSA-xjgh-84hx-56c5 |
Unrestricted Upload of File with Dangerous Type When running Apache Tomcat with HTTP PUTs enabled it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. |
Affected by 19 other vulnerabilities. Affected by 15 other vulnerabilities. Affected by 37 other vulnerabilities. Affected by 39 other vulnerabilities. |
|
VCID-yv8m-r56n-aaan
Aliases: CVE-2017-5664 GHSA-jmvv-524f-hj5j |
Improper Handling of Exceptional Conditions The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. The Default Servlet in Apache Tomcat does not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. |
Affected by 19 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 39 other vulnerabilities. Affected by 39 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-17T22:40:51.020421+00:00 | GitLab Importer | Affected by | VCID-ah95-hj74-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2017-12617.yml | 34.0.1 |
| 2024-09-17T22:40:47.143381+00:00 | GitLab Importer | Affected by | VCID-yv8m-r56n-aaan | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2017-5664.yml | 34.0.1 |
| 2024-01-03T18:03:14.483788+00:00 | GitLab Importer | Affected by | VCID-ah95-hj74-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2017-12617.yml | 34.0.0rc1 |
| 2024-01-03T18:03:10.881584+00:00 | GitLab Importer | Affected by | VCID-yv8m-r56n-aaan | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tomcat.embed/tomcat-embed-core/CVE-2017-5664.yml | 34.0.0rc1 |