- Home
- CVEs with nessus.description==Security constrained bypass in error page mechanism :
While investigating bug 60718, it was noticed that some calls to
application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to
8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the
appropriate facade object. When running an untrusted application under
a SecurityManager, it was therefore possible for that untrusted
application to retain a reference to the request or response object
and thereby access and/or modify information associated with another
web application.(CVE-2017-5664 )
Calls to application listeners did not use the appropriate facade
object :
A vulnerability was discovered in tomcat. When running an untrusted
application under a SecurityManager it was possible, under some
circumstances, for that application to retain references to the
request or response objects and thereby access and/or modify
information associated with another web application. (CVE-2017-5648)
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to
8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP
Vary header indicating that the response varies depending on Origin.
This permitted client and server side cache poisoning in some
circumstances.(CVE-2017-7674)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top