ID CVE-2017-5664
Summary The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache Software Foundation Tomcat 7.0.0 beta
    cpe:2.3:a:apache:tomcat:7.0.0:beta
  • Apache Software Foundation Tomcat 7.0.1
    cpe:2.3:a:apache:tomcat:7.0.1
  • Apache Software Foundation Tomcat 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache Software Foundation Tomcat 7.0.2 beta
    cpe:2.3:a:apache:tomcat:7.0.2:beta
  • Apache Software Foundation Tomcat 7.0.3
    cpe:2.3:a:apache:tomcat:7.0.3
  • Apache Software Foundation Tomcat 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache Software Foundation Tomcat 7.0.4 beta
    cpe:2.3:a:apache:tomcat:7.0.4:beta
  • Apache Software Foundation Tomcat 7.0.5
    cpe:2.3:a:apache:tomcat:7.0.5
  • Apache Tomcat 7.0.5 Beta
    cpe:2.3:a:apache:tomcat:7.0.5:beta
  • Apache Software Foundation Tomcat 7.0.6
    cpe:2.3:a:apache:tomcat:7.0.6
  • Apache Software Foundation Tomcat 7.0.7
    cpe:2.3:a:apache:tomcat:7.0.7
  • Apache Software Foundation Tomcat 7.0.8
    cpe:2.3:a:apache:tomcat:7.0.8
  • Apache Software Foundation Tomcat 7.0.9
    cpe:2.3:a:apache:tomcat:7.0.9
  • Apache Software Foundation Tomcat 7.0.10
    cpe:2.3:a:apache:tomcat:7.0.10
  • Apache Software Foundation Tomcat 7.0.11
    cpe:2.3:a:apache:tomcat:7.0.11
  • Apache Software Foundation Tomcat 7.0.12
    cpe:2.3:a:apache:tomcat:7.0.12
  • Apache Software Foundation Tomcat 7.0.13
    cpe:2.3:a:apache:tomcat:7.0.13
  • Apache Software Foundation Tomcat 7.0.14
    cpe:2.3:a:apache:tomcat:7.0.14
  • Apache Software Foundation Tomcat 7.0.15
    cpe:2.3:a:apache:tomcat:7.0.15
  • Apache Software Foundation Tomcat 7.0.16
    cpe:2.3:a:apache:tomcat:7.0.16
  • Apache Software Foundation Tomcat 7.0.17
    cpe:2.3:a:apache:tomcat:7.0.17
  • Apache Software Foundation Tomcat 7.0.18
    cpe:2.3:a:apache:tomcat:7.0.18
  • Apache Software Foundation Tomcat 7.0.19
    cpe:2.3:a:apache:tomcat:7.0.19
  • Apache Software Foundation Tomcat 7.0.20
    cpe:2.3:a:apache:tomcat:7.0.20
  • Apache Software Foundation Tomcat 7.0.21
    cpe:2.3:a:apache:tomcat:7.0.21
  • Apache Software Foundation Tomcat 7.0.22
    cpe:2.3:a:apache:tomcat:7.0.22
  • Apache Software Foundation Tomcat 7.0.23
    cpe:2.3:a:apache:tomcat:7.0.23
  • Apache Software Foundation Tomcat 7.0.24
    cpe:2.3:a:apache:tomcat:7.0.24
  • Apache Software Foundation Tomcat 7.0.25
    cpe:2.3:a:apache:tomcat:7.0.25
  • Apache Software Foundation Tomcat 7.0.26
    cpe:2.3:a:apache:tomcat:7.0.26
  • Apache Software Foundation Tomcat 7.0.27
    cpe:2.3:a:apache:tomcat:7.0.27
  • Apache Software Foundation Tomcat 7.0.28
    cpe:2.3:a:apache:tomcat:7.0.28
  • Apache Software Foundation Tomcat 7.0.29
    cpe:2.3:a:apache:tomcat:7.0.29
  • Apache Software Foundation Tomcat 7.0.30
    cpe:2.3:a:apache:tomcat:7.0.30
  • Apache Software Foundation Tomcat 7.0.31
    cpe:2.3:a:apache:tomcat:7.0.31
  • Apache Software Foundation Tomcat 7.0.32
    cpe:2.3:a:apache:tomcat:7.0.32
  • Apache Software Foundation Tomcat 7.0.33
    cpe:2.3:a:apache:tomcat:7.0.33
  • Apache Software Foundation Tomcat 7.0.34
    cpe:2.3:a:apache:tomcat:7.0.34
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache Software Foundation Tomcat 7.0.48
    cpe:2.3:a:apache:tomcat:7.0.48
  • Apache Software Foundation Tomcat 7.0.49
    cpe:2.3:a:apache:tomcat:7.0.49
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache Software Foundation Tomcat 7.0.51
    cpe:2.3:a:apache:tomcat:7.0.51
  • Apache Software Foundation Tomcat 7.0.54
    cpe:2.3:a:apache:tomcat:7.0.54
  • Apache Software Foundation Tomcat 7.0.55
    cpe:2.3:a:apache:tomcat:7.0.55
  • Apache Software Foundation Tomcat 7.0.56
    cpe:2.3:a:apache:tomcat:7.0.56
  • Apache Software Foundation Tomcat 7.0.57
    cpe:2.3:a:apache:tomcat:7.0.57
  • Apache Software Foundation Tomcat 7.0.58
    cpe:2.3:a:apache:tomcat:7.0.58
  • Apache Tomcat 7.0.59
    cpe:2.3:a:apache:tomcat:7.0.59
  • Apache Software Foundation Tomcat 7.0.60
    cpe:2.3:a:apache:tomcat:7.0.60
  • Apache Tomcat 7.0.61
    cpe:2.3:a:apache:tomcat:7.0.61
  • Apache Tomcat 7.0.62
    cpe:2.3:a:apache:tomcat:7.0.62
  • Apache Tomcat 7.0.63
    cpe:2.3:a:apache:tomcat:7.0.63
  • Apache Tomcat 7.0.64
    cpe:2.3:a:apache:tomcat:7.0.64
  • Apache Software Foundation Tomcat 7.0.65
    cpe:2.3:a:apache:tomcat:7.0.65
  • Apache Software Foundation Tomcat 7.0.66
    cpe:2.3:a:apache:tomcat:7.0.66
  • Apache Software Foundation Tomcat 7.0.67
    cpe:2.3:a:apache:tomcat:7.0.67
  • Apache Software Foundation Tomcat 7.0.68
    cpe:2.3:a:apache:tomcat:7.0.68
  • Apache Software Foundation Tomcat 7.0.69
    cpe:2.3:a:apache:tomcat:7.0.69
  • Apache Software Foundation Tomcat 7.0.70
    cpe:2.3:a:apache:tomcat:7.0.70
  • Apache Software Foundation Tomcat 7.0.71
    cpe:2.3:a:apache:tomcat:7.0.71
  • Apache Software Foundation Tomcat 7.0.72
    cpe:2.3:a:apache:tomcat:7.0.72
  • Apache Software Foundation Tomcat 7.0.73
    cpe:2.3:a:apache:tomcat:7.0.73
  • Apache Software Foundation Tomcat 7.0.74
    cpe:2.3:a:apache:tomcat:7.0.74
  • Apache Software Foundation Tomcat 7.0.75
    cpe:2.3:a:apache:tomcat:7.0.75
  • Apache Software Foundation Tomcat 7.0.76
    cpe:2.3:a:apache:tomcat:7.0.76
  • Apache Software Foundation Tomcat 7.0.77
    cpe:2.3:a:apache:tomcat:7.0.77
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
    cpe:2.3:a:apache:tomcat:8.0.0:rc1
  • Apache Software Foundation Tomcat 8.0.0 release candidate 10
    cpe:2.3:a:apache:tomcat:8.0.0:rc10
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3
    cpe:2.3:a:apache:tomcat:8.0.0:rc3
  • Apache Software Foundation Tomcat 8.0.0 release candidate 5
    cpe:2.3:a:apache:tomcat:8.0.0:rc5
  • Apache Software Foundation Tomcat 8.0.1
    cpe:2.3:a:apache:tomcat:8.0.1
  • Apache Software Foundation Tomcat 8.0.2
    cpe:2.3:a:apache:tomcat:8.0.2
  • Apache Software Foundation Tomcat 8.0.3
    cpe:2.3:a:apache:tomcat:8.0.3
  • Apache Software Foundation Tomcat 8.0.4
    cpe:2.3:a:apache:tomcat:8.0.4
  • Apache Software Foundation Tomcat 8.0.5
    cpe:2.3:a:apache:tomcat:8.0.5
  • Apache Software Foundation Tomcat 8.0.6
    cpe:2.3:a:apache:tomcat:8.0.6
  • Apache Software Foundation Tomcat 8.0.7
    cpe:2.3:a:apache:tomcat:8.0.7
  • Apache Software Foundation Tomcat 8.0.9
    cpe:2.3:a:apache:tomcat:8.0.9
  • Apache Software Foundation Tomcat 8.0.10
    cpe:2.3:a:apache:tomcat:8.0.10
  • Apache Software Foundation Tomcat 8.0.11
    cpe:2.3:a:apache:tomcat:8.0.11
  • Apache Software Foundation Tomcat 8.0.12
    cpe:2.3:a:apache:tomcat:8.0.12
  • Apache Software Foundation Tomcat 8.0.13
    cpe:2.3:a:apache:tomcat:8.0.13
  • Apache Software Foundation Tomcat 8.0.14
    cpe:2.3:a:apache:tomcat:8.0.14
  • Apache Software Foundation Tomcat 8.0.15
    cpe:2.3:a:apache:tomcat:8.0.15
  • Apache Software Foundation Tomcat 8.0.16
    cpe:2.3:a:apache:tomcat:8.0.16
  • Apache Tomcat 8.0.17
    cpe:2.3:a:apache:tomcat:8.0.17
  • Apache Tomcat 8.0.18
    cpe:2.3:a:apache:tomcat:8.0.18
  • Apache Software Foundation Tomcat 8.0.19
    cpe:2.3:a:apache:tomcat:8.0.19
  • Apache Tomcat 8.0.20
    cpe:2.3:a:apache:tomcat:8.0.20
  • Apache Tomcat 8.0.21
    cpe:2.3:a:apache:tomcat:8.0.21
  • Apache Tomcat 8.0.22
    cpe:2.3:a:apache:tomcat:8.0.22
  • Apache Tomcat 8.0.23
    cpe:2.3:a:apache:tomcat:8.0.23
  • Apache Tomcat 8.0.24
    cpe:2.3:a:apache:tomcat:8.0.24
  • Apache Software Foundation Tomcat 8.0.25
    cpe:2.3:a:apache:tomcat:8.0.25
  • Apache Tomcat 8.0.26
    cpe:2.3:a:apache:tomcat:8.0.26
  • Apache Software Foundation Tomcat 8.0.27
    cpe:2.3:a:apache:tomcat:8.0.27
  • Apache Software Foundation Tomcat 8.0.28
    cpe:2.3:a:apache:tomcat:8.0.28
  • Apache Software Foundation Tomcat 8.0.29
    cpe:2.3:a:apache:tomcat:8.0.29
  • Apache Software Foundation Tomcat 8.0.30
    cpe:2.3:a:apache:tomcat:8.0.30
  • Apache Software Foundation Tomcat 8.0.31
    cpe:2.3:a:apache:tomcat:8.0.31
  • Apache Software Foundation Tomcat 8.0.32
    cpe:2.3:a:apache:tomcat:8.0.32
  • Apache Software Foundation Tomcat 8.0.33
    cpe:2.3:a:apache:tomcat:8.0.33
  • Apache Software Foundation Tomcat 8.0.34
    cpe:2.3:a:apache:tomcat:8.0.34
  • Apache Software Foundation Tomcat 8.0.35
    cpe:2.3:a:apache:tomcat:8.0.35
  • Apache Software Foundation Tomcat 8.0.36
    cpe:2.3:a:apache:tomcat:8.0.36
  • Apache Software Foundation Tomcat 8.0.37
    cpe:2.3:a:apache:tomcat:8.0.37
  • Apache Software Foundation Tomcat 8.0.38
    cpe:2.3:a:apache:tomcat:8.0.38
  • Apache Software Foundation Tomcat 8.0.39
    cpe:2.3:a:apache:tomcat:8.0.39
  • Apache Software Foundation Tomcat 8.0.40
    cpe:2.3:a:apache:tomcat:8.0.40
  • Apache Software Foundation Tomcat 8.0.41
    cpe:2.3:a:apache:tomcat:8.0.41
  • Apache Software Foundation Tomcat 8.0.42
    cpe:2.3:a:apache:tomcat:8.0.42
  • Apache Software Foundation Tomcat 8.0.43
    cpe:2.3:a:apache:tomcat:8.0.43
  • Apache Software Foundation Tomcat 8.5.0
    cpe:2.3:a:apache:tomcat:8.5.0
  • Apache Software Foundation Tomcat 8.5.1
    cpe:2.3:a:apache:tomcat:8.5.1
  • Apache Software Foundation Tomcat 8.5.2
    cpe:2.3:a:apache:tomcat:8.5.2
  • Apache Software Foundation Tomcat 8.5.3
    cpe:2.3:a:apache:tomcat:8.5.3
  • Apache Software Foundation Tomcat 8.5.4
    cpe:2.3:a:apache:tomcat:8.5.4
  • Apache Software Foundation Tomcat 8.5.5
    cpe:2.3:a:apache:tomcat:8.5.5
  • Apache Software Foundation Tomcat 8.5.6
    cpe:2.3:a:apache:tomcat:8.5.6
  • Apache Software Foundation Tomcat 8.5.7
    cpe:2.3:a:apache:tomcat:8.5.7
  • Apache Software Foundation Tomcat 8.5.8
    cpe:2.3:a:apache:tomcat:8.5.8
  • Apache Software Foundation Tomcat 8.5.9
    cpe:2.3:a:apache:tomcat:8.5.9
  • Apache Software Foundation Tomcat 8.5.10
    cpe:2.3:a:apache:tomcat:8.5.10
  • Apache Software Foundation Tomcat 8.5.11
    cpe:2.3:a:apache:tomcat:8.5.11
  • Apache Software Foundation Tomcat 8.5.12
    cpe:2.3:a:apache:tomcat:8.5.12
  • Apache Software Foundation Tomcat 8.5.13
    cpe:2.3:a:apache:tomcat:8.5.13
  • Apache Software Foundation Tomcat 8.5.14
    cpe:2.3:a:apache:tomcat:8.5.14
  • Apache Software Foundation Tomcat 9.0.0 M1
    cpe:2.3:a:apache:tomcat:9.0.0:m1
  • Apache Software Foundation Tomcat 9.0.0 M10
    cpe:2.3:a:apache:tomcat:9.0.0:m10
  • Apache Software Foundation Tomcat 9.0.0 M11
    cpe:2.3:a:apache:tomcat:9.0.0:m11
  • Apache Software Foundation Tomcat 9.0.0 M12
    cpe:2.3:a:apache:tomcat:9.0.0:m12
  • Apache Software Foundation Tomcat 9.0.0 M13
    cpe:2.3:a:apache:tomcat:9.0.0:m13
  • Apache Software Foundation Tomcat 9.0.0 M14
    cpe:2.3:a:apache:tomcat:9.0.0:m14
  • Apache Software Foundation Tomcat 9.0.0 M15
    cpe:2.3:a:apache:tomcat:9.0.0:m15
  • Apache Software Foundation Tomcat 9.0.0 M16
    cpe:2.3:a:apache:tomcat:9.0.0:m16
  • Apache Software Foundation Tomcat 9.0.0 M17
    cpe:2.3:a:apache:tomcat:9.0.0:m17
  • Apache Software Foundation Tomcat 9.0.0 M18
    cpe:2.3:a:apache:tomcat:9.0.0:m18
  • Apache Software Foundation Tomcat 9.0.0 M19
    cpe:2.3:a:apache:tomcat:9.0.0:m19
  • Apache Software Foundation Tomcat 9.0.0 M2
    cpe:2.3:a:apache:tomcat:9.0.0:m2
  • Apache Software Foundation Tomcat 9.0.0 M20
    cpe:2.3:a:apache:tomcat:9.0.0:m20
  • Apache Software Foundation Tomcat 9.0.0 M3
    cpe:2.3:a:apache:tomcat:9.0.0:m3
  • Apache Software Foundation Tomcat 9.0.0 M4
    cpe:2.3:a:apache:tomcat:9.0.0:m4
  • Apache Software Foundation Tomcat 9.0.0 M5
    cpe:2.3:a:apache:tomcat:9.0.0:m5
  • Apache Software Foundation Tomcat 9.0.0 M6
    cpe:2.3:a:apache:tomcat:9.0.0:m6
  • Apache Software Foundation Tomcat 9.0.0 M7
    cpe:2.3:a:apache:tomcat:9.0.0:m7
  • Apache Software Foundation Tomcat 9.0.0 M8
    cpe:2.3:a:apache:tomcat:9.0.0:m8
  • Apache Software Foundation Tomcat 9.0.0 M9
    cpe:2.3:a:apache:tomcat:9.0.0:m9
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-755
CAPEC
nessus via4
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA_10838.NASL
    description According to its self-reported version number, the remote Junos Space version is prior to 17.2R1. It is, therefore, affected by multiple vulnerabilities.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 108520
    published 2018-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108520
    title Juniper Junos Space < 17.2R1 Multiple Vulnerabilities (JSA10838)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-862.NASL
    description Security constrained bypass in error page mechanism : A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 102177
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102177
    title Amazon Linux AMI : tomcat8 (ALAS-2017-862)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3519-1.NASL
    description It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. (CVE-2017-5647) It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2017-5648) It was discovered that Tomcat incorrectly handled error pages. A remote attacker could possibly use this issue to replace or remove the custom error page. (CVE-2017-5664) It was discovered that Tomcat incorrectly handled the CORS filter. A remote attacker could possibly use this issue to perform cache poisoning. (CVE-2017-7674). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 105687
    published 2018-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105687
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : tomcat7, tomcat8 vulnerabilities (USN-3519-1)
  • NASL family CGI abuses
    NASL id MYSQL_ENTERPRISE_MONITOR_3_4_3_4225.NASL
    description According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.2.x prior to 3.2.9.2249, 3.3.x prior to 3.3.5.3292, or 3.4.x prior to 3.4.3.4225. It is, therefore, affected by multiple vulnerabilities as noted in the October 2017 Critical Patch Update advisory. Please consult the CVRF details for the applicable CVEs for additional information. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 103536
    published 2017-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103536
    title MySQL Enterprise Monitor 3.2.x < 3.2.9.2249 / 3.3.x < 3.3.5.3292 / 3.4.x < 3.4.3.4225 Multiple Vulnerabilities (October 2017 CPU)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2493.NASL
    description An update is now available for Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web Server 2.1.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat JBoss Web Server 2.1.2. The updates are documented in the Release Notes document linked to in the References. Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these updated packages, which resolve several security issues. Security Fix(es) : * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * A vulnerability was discovered in tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102692
    published 2017-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102692
    title RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)
  • NASL family Web Servers
    NASL id TOMCAT_8_5_15.NASL
    description According to its self-reported version number, the Apache Tomcat service running on the remote host is 7.0.x prior to 7.0.78, 8.0.x prior to 8.0.44, 8.5.x prior to 8.5.15, or 9.0.x prior to 9.0.0.M21. It is, therefore, affected by an implementation flaw in the error page reporting mechanism in which it does not conform to the Java Servlet Specification that requires static error pages to be processed as an HTTP GET request nothwithstanding the HTTP request method that was originally used when the error occurred. Depending on the original request and the configuration of the Default Servlet, an unauthenticated, remote attacker can exploit this issue to replace or remove custom error pages. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-11
    plugin id 100681
    published 2017-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100681
    title Apache Tomcat 7.0.x < 7.0.78 / 8.0.x < 8.0.44 / 8.5.x < 8.5.15 / 9.0.x < 9.0.0.M21 Remote Error Page Manipulation
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-1809.NASL
    description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102020
    published 2017-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102020
    title CentOS 7 : tomcat (CESA-2017:1809)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170727_TOMCAT_ON_SL7_X.NASL
    description Security Fix(es) : - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) - A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 102032
    published 2017-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102032
    title Scientific Linux Security Update : tomcat on SL7.x (noarch)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2638.NASL
    description An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.17. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525) Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 103044
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103044
    title RHEL 6 : jboss-ec2-eap (RHSA-2017:2638)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2635.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525) Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 103041
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103041
    title RHEL 6 : JBoss EAP (RHSA-2017:2635)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-996.NASL
    description The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. For Debian 7 'Wheezy', these problems have been fixed in version 7.0.28-4+deb7u14. We recommend that you upgrade your tomcat7 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-10
    plugin id 100941
    published 2017-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100941
    title Debian DLA-996-1 : tomcat7 security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1192.NASL
    description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762) - It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018) - It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794) - It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796) - It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797) - A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.(CVE-2017-5648) - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.(CVE-2017-5664) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103030
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103030
    title EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1192)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-854.NASL
    description Security constrained bypass in error page mechanism : A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 101271
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101271
    title Amazon Linux AMI : tomcat8 (ALAS-2017-854)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1809.NASL
    description An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102012
    published 2017-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102012
    title RHEL 7 : tomcat (RHSA-2017:1809)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1299.NASL
    description This update for tomcat fixes the following issues : Security issues fixed : - CVE-2017-5664: A problem in handling error pages was fixed, to avoid potential file overwrites during error page handling. (bsc#1042910). - CVE-2017-7674: A CORS Filter issue could lead to client and server side cache poisoning (bsc#1053352) - CVE-2017-12617: A remote code execution possibility via JSP Upload was fixed (bsc#1059554) Non security bugs fixed : - Fix tomcat-digest classpath error (bsc#977410) - Fix packaged /etc/alternatives symlinks for api libs that caused rpm -V to report link mismatch (bsc#1019016) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104765
    published 2017-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104765
    title openSUSE Security Update : tomcat (openSUSE-2017-1299)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3892.NASL
    description Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 101009
    published 2017-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101009
    title Debian DSA-3892-1 : tomcat7 - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-63789C8C29.NASL
    description This update includes a rebase from 8.0.43 up to 8.0.44 which resolves a single CVE along with various other bugs/features : - rhbz#1459160 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 101123
    published 2017-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101123
    title Fedora 25 : 1:tomcat (2017-63789c8c29)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZLSA-2017-3080.NASL
    description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617) Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 119237
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119237
    title Virtuozzo 6 : tomcat6 / tomcat6-admin-webapps / etc (VZLSA-2017-3080)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-1809.NASL
    description From Red Hat Security Advisory 2017:1809 : An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 102031
    published 2017-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102031
    title Oracle Linux 7 : tomcat (ELSA-2017-1809)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-853.NASL
    description Security constrained bypass in error page mechanism : A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 101270
    published 2017-07-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101270
    title Amazon Linux AMI : tomcat7 (ALAS-2017-853)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-3080.NASL
    description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104250
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104250
    title RHEL 6 : tomcat6 (RHSA-2017:3080)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-794C18B62D.NASL
    description This update includes a rebase from 8.0.43 up to 8.0.44 which resolves a single CVE along with various other bugs/features : - rhbz#1459160 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101661
    published 2017-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101661
    title Fedora 26 : 1:tomcat (2017-794c18b62d)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3080.NASL
    description From Red Hat Security Advisory 2017:3080 : An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104247
    published 2017-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104247
    title Oracle Linux 6 : tomcat6 (ELSA-2017-3080)
  • NASL family Web Servers
    NASL id TOMCAT_6_0_24.NASL
    description The version of Apache Tomcat installed on the remote host is 6.0.x prior to 6.0.24. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - An unspecified flaw in error page mechanism of the DefaultServlet implementation allows a specially-crafted HTTP request to cause undesired side effects, including the removal or replacement of the custom error page. (CVE-2017-5664) - An unspecified flaw affects servlet contexts configured as readonly=false with HTTP PUT requests allowed. An attacker can upload a JSP file to that context and execute arbitrary code. (CVE-2017-12615, CVE-2017-12617) Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 104358
    published 2017-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104358
    title Apache Tomcat 6.0.x < 6.0.24 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-3080.NASL
    description An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es) : * A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104256
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104256
    title CentOS 6 : tomcat6 (CESA-2017:3080)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20171030_TOMCAT6_ON_SL6_X.NASL
    description Security Fix(es) : - A vulnerability was discovered in Tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) - Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 104268
    published 2017-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104268
    title Scientific Linux Security Update : tomcat6 on SL6.x (noarch)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3891.NASL
    description Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 101008
    published 2017-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101008
    title Debian DSA-3891-1 : tomcat8 - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2637.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525) Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 103043
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103043
    title RHEL 5 : JBoss EAP (RHSA-2017:2637)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-1801.NASL
    description An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 1 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in tomcat's handling of pipelined requests when 'Sendfile' was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 112177
    published 2018-08-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112177
    title RHEL 6 / 7 : Red Hat JBoss Web Server 3.1.0 Service Pack 1 (RHSA-2017:1801)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2636.NASL
    description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.16, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664) * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525) Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 103042
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103042
    title RHEL 7 : JBoss EAP (RHSA-2017:2636)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-873.NASL
    description Security constrained bypass in error page mechanism : While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.(CVE-2017-5664 ) Calls to application listeners did not use the appropriate facade object : A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648) The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.(CVE-2017-7674)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 102547
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102547
    title Amazon Linux AMI : tomcat7 (ALAS-2017-873)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1191.NASL
    description According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762) - It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018) - It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794) - It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796) - It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797) - A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application.(CVE-2017-5648) - A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page.(CVE-2017-5664) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 103029
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103029
    title EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1191)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-E4638A345C.NASL
    description This update includes a rebase from 8.0.43 up to 8.0.44 which resolves a single CVE along with various other bugs/features : - rhbz#1459160 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 101185
    published 2017-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101185
    title Fedora 24 : 1:tomcat (2017-e4638a345c)
redhat via4
advisories
  • bugzilla
    id 1459158
    title CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment tomcat is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809023
        • comment tomcat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686006
      • AND
        • comment tomcat-admin-webapps is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809005
        • comment tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686016
      • AND
        • comment tomcat-docs-webapp is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809011
        • comment tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686014
      • AND
        • comment tomcat-el-2.2-api is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809017
        • comment tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686024
      • AND
        • comment tomcat-javadoc is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809019
        • comment tomcat-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686012
      • AND
        • comment tomcat-jsp-2.2-api is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809013
        • comment tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686018
      • AND
        • comment tomcat-jsvc is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809007
        • comment tomcat-jsvc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686022
      • AND
        • comment tomcat-lib is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809021
        • comment tomcat-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686010
      • AND
        • comment tomcat-servlet-3.0-api is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809015
        • comment tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686020
      • AND
        • comment tomcat-webapps is earlier than 0:7.0.69-12.el7_3
          oval oval:com.redhat.rhsa:tst:20171809009
        • comment tomcat-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686008
    rhsa
    id RHSA-2017:1809
    released 2017-07-27
    severity Important
    title RHSA-2017:1809: tomcat security update (Important)
  • rhsa
    id RHSA-2017:1801
  • rhsa
    id RHSA-2017:1802
  • rhsa
    id RHSA-2017:2493
  • rhsa
    id RHSA-2017:2494
  • rhsa
    id RHSA-2017:2633
  • rhsa
    id RHSA-2017:2635
  • rhsa
    id RHSA-2017:2636
  • rhsa
    id RHSA-2017:2637
  • rhsa
    id RHSA-2017:2638
  • rhsa
    id RHSA-2017:3080
rpms
  • tomcat-0:7.0.69-12.el7_3
  • tomcat-admin-webapps-0:7.0.69-12.el7_3
  • tomcat-docs-webapp-0:7.0.69-12.el7_3
  • tomcat-el-2.2-api-0:7.0.69-12.el7_3
  • tomcat-javadoc-0:7.0.69-12.el7_3
  • tomcat-jsp-2.2-api-0:7.0.69-12.el7_3
  • tomcat-jsvc-0:7.0.69-12.el7_3
  • tomcat-lib-0:7.0.69-12.el7_3
  • tomcat-servlet-3.0-api-0:7.0.69-12.el7_3
  • tomcat-webapps-0:7.0.69-12.el7_3
  • tomcat6-0:6.0.24-111.el6_9
  • tomcat6-admin-webapps-0:6.0.24-111.el6_9
  • tomcat6-docs-webapp-0:6.0.24-111.el6_9
  • tomcat6-el-2.1-api-0:6.0.24-111.el6_9
  • tomcat6-javadoc-0:6.0.24-111.el6_9
  • tomcat6-jsp-2.1-api-0:6.0.24-111.el6_9
  • tomcat6-lib-0:6.0.24-111.el6_9
  • tomcat6-servlet-2.5-api-0:6.0.24-111.el6_9
  • tomcat6-webapps-0:6.0.24-111.el6_9
refmap via4
bid 98888
confirm
debian
  • DSA-3891
  • DSA-3892
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass
sectrack 1038641
Last major update 06-06-2017 - 10:29
Published 06-06-2017 - 10:29
Last modified 02-10-2019 - 20:03
Back to Top