[ https://issues.apache.org/jira/browse/KYLIN-2891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dong Li updated KYLIN-2891:
---------------------------
    Issue Type: Improvement  (was: Bug)

> Tomcat Security Vulnerability Alert. The version of the tomcat for kylin
> should upgrade to 7.0.82.
> --------------------------------------------------------------------------------------------------
>
> Key: KYLIN-2891
> URL: https://issues.apache.org/jira/browse/KYLIN-2891
> Project: Kylin
> Issue Type: Improvement
> Components: Website
> Affects Versions: v2.0.0, v2.1.0
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Labels: patch
> Fix For: v2.2.0
>
> Attachments:
> 0001-KYLIN-2891-Tomcat-Security-Vulnerability-Alert.-The-.patch
>
>
> 【Security Vulnerability Alert】Tomcat Information leakage and remote code
> execution vulnerabilities.
> CVE ID:
> {code}
> CVE-2017-12617
> {code}
> Description
> {code}
> When running with HTTP PUTs enabled (e.g. via setting the readonly
> initialisation parameter of the Default servlet to false) it was possible to
> upload a JSP file to the server via a specially crafted request. This JSP
> could then be requested and any code it contained would be executed by the
> server.
> {code}
> Scope
> {code}
> Affects: 7.0.0 to 7.0.81
> {code}
> Solution
> {code}
> The official release of the Apache Tomcat 7.0.82 version has fixed the
> vulnerability and recommends upgrading to the 7.0.82 version.
> {code}
> Reference
> {code}
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> {code}

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)