Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.81.

bhavik patel Mon, 09 Oct 2017 22:20:04 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review187494
-----------------------------------------------------------




@pengjianhua : Any updates on this?

- bhavik patel


On Sept. 22, 2017, 8:35 a.m., pengjianhua wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> -----------------------------------------------------------
> 
> (Updated Sept. 22, 2017, 8:35 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
>     https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615:When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616:When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby cased code disclosure.
> 
> Scope
> CVE-2017-12615:Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616:Apache Tomcat 7.0.0 - 7.0.80
> 
> Solution
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> 
> Reference
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> 
> 
> Diffs
> -----
> 
>   pom.xml 3958014c 
> 
> 
> Diff: https://reviews.apache.org/r/62495/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> pengjianhua
> 
>

Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.81.

Reply via email to