==========================================================================
Ubuntu Security Notice USN-7282-1
February 21, 2025

tomcat7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

tomcat7 could be made to execute arbitrary code.

Software Description:
- tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  libtomcat7-java                 7.0.68-1ubuntu0.4+esm3
                                  Available with Ubuntu Pro
  tomcat7                         7.0.68-1ubuntu0.4+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7282-1
  CVE-2017-12616, CVE-2017-12617