{"affected":[{"ecosystem_specific":{"binaries":[{"tomcat":"7.0.82-7.16.1","tomcat-admin-webapps":"7.0.82-7.16.1","tomcat-docs-webapp":"7.0.82-7.16.1","tomcat-el-2_2-api":"7.0.82-7.16.1","tomcat-javadoc":"7.0.82-7.16.1","tomcat-jsp-2_2-api":"7.0.82-7.16.1","tomcat-lib":"7.0.82-7.16.1","tomcat-servlet-3_0-api":"7.0.82-7.16.1","tomcat-webapps":"7.0.82-7.16.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"tomcat","purl":"pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.0.82-7.16.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n\nApache Tomcat was updated to 7.0.82 adding features, fixing bugs and security issues.\n\nThis is another bugfix release, for full details see:\n\n    https://tomcat.apache.org/tomcat-7.0-doc/changelog.html\n\nFixed security issues:\n\n- CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910).\n- CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352)\n- CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554)\n- CVE-2017-12616: An information disclosure when using VirtualDirContext was fixed (bsc#1059551)\n- CVE-2017-12615: A Remote Code Execution via JSP Upload was fixed (bsc#1059554)\n\nNon-security issues fixed:\n\n- Fix tomcat-digest classpath error (bsc#977410) \n","id":"SUSE-SU-2017:3059-1","modified":"2017-11-23T16:16:52Z","published":"2017-11-23T16:16:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173059-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042910"},{"type":"REPORT","url":"https://bugzilla.suse.com/1053352"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059551"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059554"},{"type":"REPORT","url":"https://bugzilla.suse.com/977410"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12616"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5664"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-7674"}],"related":["CVE-2017-12615","CVE-2017-12616","CVE-2017-12617","CVE-2017-5664","CVE-2017-7674"],"summary":"Security update for tomcat","upstream":["CVE-2017-12615","CVE-2017-12616","CVE-2017-12617","CVE-2017-5664","CVE-2017-7674"]}