CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

CVSS v3 8.1 HIGH
CVSS v2.0 6.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/100954	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039552	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2017:3080	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3081	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3113	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3114	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0268	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0269	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0270	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0271	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0275	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0465	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0466	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2939	Third Party Advisory
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E	Issue Tracking Mailing List
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch
https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20171018-0002/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180117-0002/	Third Party Advisory
https://support.f5.com/csp/article/K53173544	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us	Third Party Advisory
https://usn.ubuntu.com/3665-1/	Third Party Advisory
https://www.exploit-db.com/exploits/42966/	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43008/	Exploit Third Party Advisory VDB Entry
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::

Configuration 3 (hide)

OR	cpe:2.3:a:oracle:agile_plm:9.3.3:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.4:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.5:::::::*
	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
	cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::*
	cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:::::::*
	cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:::::::*
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure::::::::
	cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:::::::*
	cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.1:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*
	cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*
	cpe:2.3:a:oracle:management_pack:11.2.1.0.13:::::goldengate::
	cpe:2.3:a:oracle:micros_lucas:2.9.5:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::*
	cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::*
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:mysql_enterprise_monitor::::::::
	cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:::::::*
	cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.4:::::::*
	cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:::::::*
	cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:::::::*
	cpe:2.3:a:oracle:retail_back_office:14.0.4:::::::*
	cpe:2.3:a:oracle:retail_back_office:14.1.3:::::::*
	cpe:2.3:a:oracle:retail_central_office:14.0.4:::::::*
	cpe:2.3:a:oracle:retail_central_office:14.1.3:::::::*
	cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::*
	cpe:2.3:a:oracle:retail_eftlink:1.1.124:::::::*
	cpe:2.3:a:oracle:retail_eftlink:15.0.1:::::::*
	cpe:2.3:a:oracle:retail_eftlink:16.0.2:::::::*
	cpe:2.3:a:oracle:retail_insights:14.0:::::::*
	cpe:2.3:a:oracle:retail_insights:14.1:::::::*
	cpe:2.3:a:oracle:retail_insights:15.0:::::::*
	cpe:2.3:a:oracle:retail_insights:16.0:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:12.0:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:13.0:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:13.1:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:13.2:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:14.0:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:14.1:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:15.0:::::::*
	cpe:2.3:a:oracle:retail_invoice_matching:16.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:5.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:5.1:::::::*
	cpe:2.3:a:oracle:retail_order_broker:5.2:::::::*
	cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
	cpe:2.3:a:oracle:retail_order_management_system:4.0:::::::*
	cpe:2.3:a:oracle:retail_order_management_system:4.5:::::::*
	cpe:2.3:a:oracle:retail_order_management_system:4.7:::::::*
	cpe:2.3:a:oracle:retail_order_management_system:5.0:::::::*
	cpe:2.3:a:oracle:retail_point-of-service:14.0.4:::::::*
	cpe:2.3:a:oracle:retail_point-of-service:14.1.3:::::::*
	cpe:2.3:a:oracle:retail_price_management:12.0:::::::*
cpe:2.3:a:oracle:retail_price_management:13.0:::::::*
cpe:2.3:a:oracle:retail_price_management:13.1:::::::*
cpe:2.3:a:oracle:retail_price_management:13.2:::::::*
cpe:2.3:a:oracle:retail_price_management:14.0:::::::*
cpe:2.3:a:oracle:retail_price_management:14.1:::::::*
cpe:2.3:a:oracle:retail_price_management:15.0:::::::*
cpe:2.3:a:oracle:retail_price_management:16.0:::::::*
cpe:2.3:a:oracle:retail_returns_management:2.3.8:::::::*
cpe:2.3:a:oracle:retail_returns_management:2.4.9:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.0.4:::::::*
cpe:2.3:a:oracle:retail_returns_management:14.1.3:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:13.0.7:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:13.1.9:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:13.2.9:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.2:::::::*
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.1:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:6.0.11:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:::::::*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.1:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.2:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.3:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.4:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.5:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.6:::::::*
cpe:2.3:a:oracle:transportation_management:6.3.7:::::::*
cpe:2.3:a:oracle:tuxedo_system_and_applications_monitor:12.1.3.0.0:::::::*
cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:::::::*
cpe:2.3:a:oracle:workload_manager:12.2.0.1:::::::*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:o:netapp:element:-:::::vcenter_server::

Configuration 6 (hide)

OR	cpe:2.3:a:redhat:fuse:1.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

16 Jul 2024, 17:58

07 Nov 2023, 02:38

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E', 'name': '[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload', 'tags': ['Mailing List', 'Vendor Advisory'], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/', 'tags': [], 'refsource': 'MLIST'} {'url': 'https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E', 'name': '[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/', 'tags': [], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E - () https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E -

Information

Published : 2017-10-04 01:29

Updated : 2024-07-16 17:58

NVD link : CVE-2017-12617

Mitre link : CVE-2017-12617

CVE.ORG link : CVE-2017-12617

JSON object : View

Products Affected

oracle

retail_order_broker
mysql_enterprise_monitor
hospitality_guest_access
retail_convenience_and_fuel_pos_software
retail_insights
fmw_platform
retail_invoice_matching
transportation_management
health_sciences_empirica_inspections
communications_instant_messaging_server
webcenter_sites
retail_point-of-service
instantis_enterprisetrack
retail_xstore_point_of_service
endeca_information_discovery_integrator
retail_eftlink
micros_lucas
retail_returns_management
agile_plm
retail_advanced_inventory_planning
management_pack
workload_manager
enterprise_manager_for_mysql_database
tuxedo_system_and_applications_monitor
retail_back_office
financial_services_analytical_applications_infrastructure
retail_price_management
retail_order_management_system
retail_store_inventory_management
retail_central_office
micros_retail_xbri_loss_prevention

redhat

enterprise_linux_for_power_little_endian
jboss_enterprise_web_server
jboss_enterprise_web_server_text-only_advisories
enterprise_linux_server_aus
jboss_enterprise_application_platform
enterprise_linux_eus
enterprise_linux_eus_compute_node
enterprise_linux_for_ibm_z_systems
enterprise_linux_server_tus
enterprise_linux_for_power_big_endian
enterprise_linux_for_power_big_endian_eus
enterprise_linux_workstation
enterprise_linux_for_power_little_endian_eus
enterprise_linux_server
enterprise_linux_desktop
enterprise_linux_for_ibm_z_systems_eus
fuse

debian

debian_linux

netapp

oncommand_workflow_automation
element
oncommand_shift
active_iq_unified_manager
snapcenter
oncommand_balance
oncommand_insight

apache

tomcat

canonical

ubuntu_linux

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

Type	Values Removed	Values Added
CPE	cpe:2.3:a:apache:tomcat:7.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.54:::::::* cpe:2.3:a:apache:tomcat:7.0.26:::::::* cpe:2.3:a:apache:tomcat:7.0.24:::::::* cpe:2.3:a:apache:tomcat:8.5.18:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone10:::::: cpe:2.3:a:apache:tomcat:8.0.9:::::::* cpe:2.3:a:apache:tomcat:8.0.20:::::::* cpe:2.3:a:apache:tomcat:7.0.67:::::::* cpe:2.3:a:apache:tomcat:8.0.13:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone12:::::: cpe:2.3:a:apache:tomcat:8.0.17:::::::* cpe:2.3:a:apache:tomcat:7.0.56:::::::* cpe:2.3:a:apache:tomcat:8.0.21:::::::* cpe:2.3:a:apache:tomcat:7.0.50:::::::* cpe:2.3:a:apache:tomcat:8.5.16:::::::* cpe:2.3:a:apache:tomcat:7.0.48:::::::* cpe:2.3:a:apache:tomcat:8.0.45:::::::* cpe:2.3:a:apache:tomcat:7.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.57:::::::* cpe:2.3:a:apache:tomcat:7.0.5:::::::* cpe:2.3:a:apache:tomcat:8.0.11:::::::* cpe:2.3:a:apache:tomcat:8.5.2:::::::* cpe:2.3:a:apache:tomcat:8.0.6:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone13:::::: cpe:2.3:a:apache:tomcat:8.0.4:::::::* cpe:2.3:a:apache:tomcat:7.0.22:::::::* cpe:2.3:a:apache:tomcat:8.0.26:::::::* cpe:2.3:a:apache:tomcat:8.5.9:::::::* cpe:2.3:a:apache:tomcat:8.5.6:::::::* cpe:2.3:a:apache:tomcat:8.5.3:::::::* cpe:2.3:a:apache:tomcat:7.0.46:::::::* cpe:2.3:a:apache:tomcat:7.0.44:::::::* cpe:2.3:a:apache:tomcat:8.0.10:::::::* cpe:2.3:a:apache:tomcat:8.5.13:::::::* cpe:2.3:a:apache:tomcat:7.0.17:::::::* cpe:2.3:a:apache:tomcat:7.0.60:::::::* cpe:2.3:a:apache:tomcat:8.0.12:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone15:::::: cpe:2.3:a:apache:tomcat:7.0.73:::::::* cpe:2.3:a:apache:tomcat:8.5.10:::::::* cpe:2.3:a:apache:tomcat:8.0.24:::::::* cpe:2.3:a:apache:tomcat:7.0.36:::::::* cpe:2.3:a:apache:tomcat:7.0.61:::::::* cpe:2.3:a:apache:tomcat:8.0.2:::::::* cpe:2.3:a:apache:tomcat:8.0.22:::::::* cpe:2.3:a:apache:tomcat:8.0.28:::::::* cpe:2.3:a:apache:tomcat:8.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.62:::::::* cpe:2.3:a:apache:tomcat:7.0.69:::::::* cpe:2.3:a:apache:tomcat:7.0.12:::::::* cpe:2.3:a:apache:tomcat:8.0.36:::::::* cpe:2.3:a:apache:tomcat:7.0.27:::::::* cpe:2.3:a:apache:tomcat:8.5.15:::::::* cpe:2.3:a:apache:tomcat:7.0.10:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone4:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone22:::::: cpe:2.3:a:apache:tomcat:7.0.80:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone16:::::: cpe:2.3:a:apache:tomcat:8.0.0:rc2:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone9:::::: cpe:2.3:a:apache:tomcat:7.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.47:::::::* cpe:2.3:a:apache:tomcat:8.0.41:::::::* cpe:2.3:a:apache:tomcat:7.0.66:::::::* cpe:2.3:a:apache:tomcat:8.5.0:::::::* cpe:2.3:a:apache:tomcat:8.5.17:::::::* cpe:2.3:a:apache:tomcat:7.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.77:::::::* cpe:2.3:a:apache:tomcat:8.0.18:::::::* cpe:2.3:a:apache:tomcat:7.0.8:::::::* cpe:2.3:a:apache:tomcat:7.0.11:::::::* cpe:2.3:a:apache:tomcat:7.0.76:::::::* cpe:2.3:a:apache:tomcat:8.0.7:::::::* cpe:2.3:a:apache:tomcat:8.5.5:::::::* cpe:2.3:a:apache:tomcat:7.0.59:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone19:::::: cpe:2.3:a:apache:tomcat:8.0.42:::::::* cpe:2.3:a:apache:tomcat:7.0.71:::::::* cpe:2.3:a:apache:tomcat:8.5.12:::::::* cpe:2.3:a:apache:tomcat:7.0.38:::::::* cpe:2.3:a:apache:tomcat:7.0.74:::::::* cpe:2.3:a:apache:tomcat:7.0.58:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone20:::::: cpe:2.3:a:apache:tomcat:7.0.29:::::::* cpe:2.3:a:apache:tomcat:7.0.37:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone8:::::: cpe:2.3:a:apache:tomcat:8.0.27:::::::* cpe:2.3:a:apache:tomcat:8.0.37:::::::* cpe:2.3:a:apache:tomcat:7.0.39:::::::* cpe:2.3:a:apache:tomcat:7.0.70:::::::* cpe:2.3:a:apache:tomcat:7.0.49:::::::* cpe:2.3:a:apache:tomcat:8.5.11:::::::* cpe:2.3:a:apache:tomcat:8.5.20:::::::* cpe:2.3:a:apache:tomcat:7.0.81:::::::* cpe:2.3:a:apache:tomcat:7.0.9:::::::* cpe:2.3:a:apache:tomcat:8.0.31:::::::* cpe:2.3:a:apache:tomcat:8.0.38:::::::* cpe:2.3:a:apache:tomcat:8.5.7:::::::* cpe:2.3:a:apache:tomcat:8.5.19:::::::* cpe:2.3:a:apache:tomcat:7.0.31:::::::* cpe:2.3:a:apache:tomcat:7.0.64:::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc10:::::: cpe:2.3:a:apache:tomcat:7.0.0:::::::* cpe:2.3:a:apache:tomcat:8.5.1:::::::* cpe:2.3:a:apache:tomcat:7.0.2:beta:::::: cpe:2.3:a:apache:tomcat:7.0.2:::::::* cpe:2.3:a:apache:tomcat:8.0.16:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone3:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone7:::::: cpe:2.3:a:apache:tomcat:7.0.72:::::::* cpe:2.3:a:apache:tomcat:7.0.45:::::::* cpe:2.3:a:apache:tomcat:8.0.23:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone11:::::: cpe:2.3:a:apache:tomcat:8.0.46:::::::* cpe:2.3:a:apache:tomcat:8.0.1:::::::* cpe:2.3:a:apache:tomcat:7.0.34:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone14:::::: cpe:2.3:a:apache:tomcat:7.0.13:::::::* cpe:2.3:a:apache:tomcat:8.5.22:::::::* cpe:2.3:a:apache:tomcat:8.5.8:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone1:::::: cpe:2.3:a:apache:tomcat:7.0.65:::::::* cpe:2.3:a:apache:tomcat:8.0.30:::::::* cpe:2.3:a:apache:tomcat:8.0.14:::::::* cpe:2.3:a:apache:tomcat:7.0.30:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone21:::::: cpe:2.3:a:apache:tomcat:8.0.15:::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc1:::::: cpe:2.3:a:apache:tomcat:8.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.42:::::::* cpe:2.3:a:apache:tomcat:8.0.25:::::::* cpe:2.3:a:apache:tomcat:8.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.7:::::::* cpe:2.3:a:apache:tomcat:7.0.51:::::::* cpe:2.3:a:apache:tomcat:8.5.4:::::::* cpe:2.3:a:apache:tomcat:7.0.25:::::::* cpe:2.3:a:apache:tomcat:9.0.0:::::::* cpe:2.3:a:apache:tomcat:7.0.23:::::::* cpe:2.3:a:apache:tomcat:8.5.14:::::::* cpe:2.3:a:apache:tomcat:7.0.21:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone5:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone18:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone17:::::: cpe:2.3:a:apache:tomcat:7.0.35:::::::* cpe:2.3:a:apache:tomcat:8.0.19:::::::* cpe:2.3:a:apache:tomcat:7.0.28:::::::* cpe:2.3:a:apache:tomcat:8.5.21:::::::* cpe:2.3:a:apache:tomcat:7.0.5:beta:::::: cpe:2.3:a:apache:tomcat:7.0.63:::::::* cpe:2.3:a:apache:tomcat:7.0.79:::::::* cpe:2.3:a:apache:tomcat:7.0.16:::::::* cpe:2.3:a:apache:tomcat:7.0.20:::::::* cpe:2.3:a:apache:tomcat:8.0.35:::::::* cpe:2.3:a:apache:tomcat:8.0.39:::::::* cpe:2.3:a:apache:tomcat:7.0.6:::::::* cpe:2.3:a:apache:tomcat:7.0.4:beta:::::: cpe:2.3:a:apache:tomcat:7.0.32:::::::* cpe:2.3:a:apache:tomcat:8.0.44:::::::* cpe:2.3:a:apache:tomcat:7.0.40:::::::* cpe:2.3:a:apache:tomcat:7.0.43:::::::* cpe:2.3:a:apache:tomcat:7.0.75:::::::* cpe:2.3:a:apache:tomcat:8.0.34:::::::* cpe:2.3:a:apache:tomcat:7.0.33:::::::* cpe:2.3:a:apache:tomcat:7.0.15:::::::* cpe:2.3:a:apache:tomcat:7.0.68:::::::* cpe:2.3:a:apache:tomcat:7.0.41:::::::* cpe:2.3:a:apache:tomcat:8.0.32:::::::* cpe:2.3:a:apache:tomcat:8.0.40:::::::* cpe:2.3:a:apache:tomcat:9.0.0:milestone2:::::: cpe:2.3:a:apache:tomcat:9.0.0:milestone6:::::: cpe:2.3:a:apache:tomcat:7.0.3:::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc5:::::: cpe:2.3:a:apache:tomcat:7.0.55:::::::*	cpe:2.3:a:oracle:management_pack:11.2.1.0.13:::::goldengate:: cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:::::::* cpe:2.3:a:oracle:micros_lucas:2.9.5:::::::* cpe:2.3:a:oracle:tuxedo_system_and_applications_monitor:12.1.3.0.0:::::::* cpe:2.3:o:debian:debian_linux:7.0:::::::* cpe:2.3:a:oracle:retail_returns_management:2.4.9:::::::* cpe:2.3:a:oracle:retail_point-of-service:14.1.3:::::::* cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.1:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:13.2.9:::::::* cpe:2.3:a:oracle:transportation_management:6.3.3:::::::* cpe:2.3:a:oracle:retail_price_management:13.2:::::::* cpe:2.3:a:oracle:retail_price_management:14.0:::::::* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:::::::: cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:::::::* cpe:2.3:a:oracle:transportation_management:6.3.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:a:oracle:agile_plm:9.3.4:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:6.0.11:::::::* cpe:2.3:a:oracle:retail_order_broker:5.2:::::::* cpe:2.3:o:netapp:element:-:::::vcenter_server:: cpe:2.3:a:redhat:fuse:1.0:::::::* cpe:2.3:a:oracle:retail_order_broker:5.1:::::::* cpe:2.3:a:oracle:transportation_management:6.3.5:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::* cpe:2.3:a:oracle:retail_invoice_matching:14.1:::::::* cpe:2.3:a:oracle:transportation_management:6.3.7:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:::::::* cpe:2.3:a:oracle:retail_order_management_system:5.0:::::::* cpe:2.3:a:oracle:retail_price_management:13.0:::::::* cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::* cpe:2.3:a:oracle:retail_invoice_matching:13.2:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::* cpe:2.3:a:oracle:retail_order_management_system:4.7:::::::* cpe:2.3:a:oracle:retail_returns_management:14.0.4:::::::* cpe:2.3:a:oracle:retail_insights:16.0:::::::* cpe:2.3:a:oracle:retail_order_broker:16.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::* cpe:2.3:a:oracle:retail_price_management:14.1:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:::::::* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:::::::* cpe:2.3:a:oracle:retail_insights:14.1:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:::::::* cpe:2.3:a:oracle:transportation_management:6.3.2:::::::* cpe:2.3:a:oracle:agile_plm:9.3.6:::::::* cpe:2.3:a:oracle:retail_price_management:15.0:::::::* cpe:2.3:a:oracle:agile_plm:9.3.5:::::::* cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::* cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:13.0.7:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:a:oracle:retail_invoice_matching:12.0:::::::* cpe:2.3:a:oracle:retail_central_office:14.0.4:::::::* cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:oracle:retail_eftlink:16.0.2:::::::* cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:::::::* cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:::::::* cpe:2.3:a:oracle:retail_price_management:13.1:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::* cpe:2.3:a:oracle:retail_returns_management:2.3.8:::::::* cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:::::::* cpe:2.3:a:oracle:retail_price_management:16.0:::::::* cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:::::::* cpe:2.3:a:oracle:retail_point-of-service:14.0.4:::::::* cpe:2.3:a:oracle:mysql_enterprise_monitor:::::::: cpe:2.3:a:oracle:retail_order_management_system:4.0:::::::* cpe:2.3:a:oracle:transportation_management:6.3.1:::::::* cpe:2.3:a:oracle:retail_invoice_matching:16.0:::::::* cpe:2.3:a:oracle:retail_back_office:14.1.3:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::* cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:::::::* cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:::::::* cpe:2.3:a:oracle:retail_back_office:14.0.4:::::::* cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::* cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::* cpe:2.3:a:oracle:workload_manager:12.2.0.1:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:::::::* cpe:2.3:a:oracle:retail_central_office:14.1.3:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::* cpe:2.3:a:oracle:transportation_management:6.3.4:::::::* cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm::: cpe:2.3:a:oracle:retail_order_broker:15.0:::::::* cpe:2.3:a:oracle:retail_invoice_matching:13.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:a:oracle:retail_eftlink:1.1.124:::::::* cpe:2.3:a:oracle:retail_invoice_matching:13.1:::::::* cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.4:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::* cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:::::::* cpe:2.3:a:netapp:snapcenter:-:::::::* cpe:2.3:a:oracle:agile_plm:9.3.3:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:::::::* cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.0:::::::* cpe:2.3:a:oracle:retail_insights:15.0:::::::* cpe:2.3:a:oracle:retail_returns_management:14.1.3:::::::* cpe:2.3:a:netapp:oncommand_balance:-:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:a:oracle:retail_invoice_matching:14.0:::::::* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:a:oracle:retail_order_broker:5.0:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:13.1.9:::::::* cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::* cpe:2.3:a:oracle:retail_invoice_matching:15.0:::::::* cpe:2.3:a:oracle:retail_price_management:12.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:::::::* cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:16.0.1:::::::* cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm::: cpe:2.3:a:oracle:retail_eftlink:15.0.1:::::::* cpe:2.3:a:oracle:retail_insights:14.0:::::::* cpe:2.3:a:oracle:retail_order_management_system:4.5:::::::* cpe:2.3:a:oracle:retail_store_inventory_management:15.0.2:::::::* cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::* cpe:2.3:a:netapp:oncommand_shift:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
References	~~() http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html - Patch, Third Party Advisory
References	~~() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html -~~	() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3080 -~~	() https://access.redhat.com/errata/RHSA-2017:3080 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3081 -~~	() https://access.redhat.com/errata/RHSA-2017:3081 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3113 -~~	() https://access.redhat.com/errata/RHSA-2017:3113 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2017:3114 -~~	() https://access.redhat.com/errata/RHSA-2017:3114 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0268 -~~	() https://access.redhat.com/errata/RHSA-2018:0268 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0269 -~~	() https://access.redhat.com/errata/RHSA-2018:0269 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0270 -~~	() https://access.redhat.com/errata/RHSA-2018:0270 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0271 -~~	() https://access.redhat.com/errata/RHSA-2018:0271 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0275 -~~	() https://access.redhat.com/errata/RHSA-2018:0275 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0465 -~~	() https://access.redhat.com/errata/RHSA-2018:0465 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:0466 -~~	() https://access.redhat.com/errata/RHSA-2018:0466 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2018:2939 -~~	() https://access.redhat.com/errata/RHSA-2018:2939 - Third Party Advisory
References	~~() https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E - Issue Tracking, Mailing List
References	~~() https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E -~~	() https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E - Mailing List, Patch
References	~~() https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html -~~	() https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html - Mailing List, Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20171018-0002/ -~~	() https://security.netapp.com/advisory/ntap-20171018-0002/ - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20180117-0002/ -~~	() https://security.netapp.com/advisory/ntap-20180117-0002/ - Third Party Advisory
References	~~() https://support.f5.com/csp/article/K53173544 -~~	() https://support.f5.com/csp/article/K53173544 - Third Party Advisory
References	~~() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us -~~	() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us - Third Party Advisory
References	~~() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us -~~	() https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us - Third Party Advisory
References	~~() https://usn.ubuntu.com/3665-1/ -~~	() https://usn.ubuntu.com/3665-1/ - Third Party Advisory

8.1 /10