Apache Tomcat is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application.
The following versions are affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M11.
Apache Tomcat 8.5.0 to 8.5.6.
Apache Tomcat 8.0.0.RC1 to 8.0.38.
Apache Tomcat 7.0.0 to 7.0.72.
Apache Tomcat 6.0.0 to 6.0.47.
Information
Oracle Solaris 10
Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
Oracle Secure Global Desktop 4.71
Apache Tomcat 8.5.6
Apache Tomcat 8.5.5
Apache Tomcat 8.5.4
Apache Tomcat 8.0.38
Apache Tomcat 8.0.37
Apache Tomcat 8.0.36
Apache Tomcat 8.0.35
Apache Tomcat 8.0.34
Apache Tomcat 8.0.33
Apache Tomcat 8.0.30
Apache Tomcat 7.0.72
Apache Tomcat 7.0.70
Apache Tomcat 7.0.69
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.50
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.7
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0
Apache Tomcat 6.0.47
Apache Tomcat 6.0.44
Apache Tomcat 6.0.43
Apache Tomcat 6.0.41
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.35
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M11
Apache Tomcat 9.0.0.M10
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0
Apache Tomcat 8.0.32
Apache Tomcat 8.0.0.RC1
Apache Tomcat 8.0.0-RC6
Apache Tomcat 8.0.0-RC5
Apache Tomcat 8.0.0-RC3
Apache Tomcat 8.0.0-RC10
Apache Tomcat 8.0.0-RC1
Apache Tomcat 8.0.0 Rc5
Apache Tomcat 8.0.0 Rc2
Apache Tomcat 8.0.0 Rc10
Apache Tomcat 8.0.0 Rc1
Apache Tomcat 7.0.68
Apache Tomcat 7.0.55
Apache Tomcat 7.0.5
Apache Tomcat 7.0.49
Apache Tomcat 7.0.48
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 6.0.45
Apache Tomcat 6.0.42
Apache Tomcat 6.0.39
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.19
Apache Tomcat 8.0.39
Apache Tomcat 7.0.73
Apache Tomcat 6.0.48
Apache Tomcat 9.0.0.M13
References:
- Apache Homepage (Apache)
- Apache Tomcat 6.x vulnerabilities (Apache)
- Apache Tomcat 8.x vulnerabilities (Apache)
- Apache Tomcat 9.x vulnerabilities (Apache)
- Fixed in Apache Tomcat 7.0.68 (Apache)
- Oracle Critical Patch Update Advisory - April 2017 (Oracle)
- Oracle Solaris Third Party Bulletin - January 2017 (Oracle)