Security features in Apache Tomcat - CVE-2017-15706
Published: April 27, 2018
Vulnerability identifier: #VU12274
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-15706
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Apache Tomcat
Apache Tomcat
Detailed vulnerability description
The vulnerability allows a remote attacker to write arbitrary files on the target system.
The weakness exists due to some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. A remote attacker can write arbitrary files.
The weakness exists due to some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. A remote attacker can write arbitrary files.
How to mitigate CVE-2017-15706
Install update from vendor's website.