CVE-2017-5648 - While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tom

CVE-2017-5648

Summary

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

References

Vulnerable Configurations

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 20-07-2020 - 21:15)
Impact:
Exploitability:

CWE

CWE-668

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2017:1801
rhsa
id RHSA-2017:1802
rhsa
id RHSA-2017:1809

rpms

log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el6
log4j-eap6-0:1.2.16-12.redhat_3.1.ep6.el7
tomcat-native-0:1.2.8-10.redhat_10.ep7.el6
tomcat-native-0:1.2.8-10.redhat_10.ep7.el7
tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el6
tomcat-native-debuginfo-0:1.2.8-10.redhat_10.ep7.el7
tomcat7-0:7.0.70-22.ep7.el6
tomcat7-0:7.0.70-22.ep7.el7
tomcat7-admin-webapps-0:7.0.70-22.ep7.el6
tomcat7-admin-webapps-0:7.0.70-22.ep7.el7
tomcat7-docs-webapp-0:7.0.70-22.ep7.el6
tomcat7-docs-webapp-0:7.0.70-22.ep7.el7
tomcat7-el-2.2-api-0:7.0.70-22.ep7.el6
tomcat7-el-2.2-api-0:7.0.70-22.ep7.el7
tomcat7-javadoc-0:7.0.70-22.ep7.el6
tomcat7-javadoc-0:7.0.70-22.ep7.el7
tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el6
tomcat7-jsp-2.2-api-0:7.0.70-22.ep7.el7
tomcat7-jsvc-0:7.0.70-22.ep7.el6
tomcat7-jsvc-0:7.0.70-22.ep7.el7
tomcat7-lib-0:7.0.70-22.ep7.el6
tomcat7-lib-0:7.0.70-22.ep7.el7
tomcat7-log4j-0:7.0.70-22.ep7.el6
tomcat7-log4j-0:7.0.70-22.ep7.el7
tomcat7-selinux-0:7.0.70-22.ep7.el6
tomcat7-selinux-0:7.0.70-22.ep7.el7
tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el6
tomcat7-servlet-3.0-api-0:7.0.70-22.ep7.el7
tomcat7-webapps-0:7.0.70-22.ep7.el6
tomcat7-webapps-0:7.0.70-22.ep7.el7
tomcat8-0:8.0.36-24.ep7.el6
tomcat8-0:8.0.36-24.ep7.el7
tomcat8-admin-webapps-0:8.0.36-24.ep7.el6
tomcat8-admin-webapps-0:8.0.36-24.ep7.el7
tomcat8-docs-webapp-0:8.0.36-24.ep7.el6
tomcat8-docs-webapp-0:8.0.36-24.ep7.el7
tomcat8-el-2.2-api-0:8.0.36-24.ep7.el6
tomcat8-el-2.2-api-0:8.0.36-24.ep7.el7
tomcat8-javadoc-0:8.0.36-24.ep7.el6
tomcat8-javadoc-0:8.0.36-24.ep7.el7
tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el6
tomcat8-jsp-2.3-api-0:8.0.36-24.ep7.el7
tomcat8-jsvc-0:8.0.36-24.ep7.el6
tomcat8-jsvc-0:8.0.36-24.ep7.el7
tomcat8-lib-0:8.0.36-24.ep7.el6
tomcat8-lib-0:8.0.36-24.ep7.el7
tomcat8-log4j-0:8.0.36-24.ep7.el6
tomcat8-log4j-0:8.0.36-24.ep7.el7
tomcat8-selinux-0:8.0.36-24.ep7.el6
tomcat8-selinux-0:8.0.36-24.ep7.el7
tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el6
tomcat8-servlet-3.1-api-0:8.0.36-24.ep7.el7
tomcat8-webapps-0:8.0.36-24.ep7.el6
tomcat8-webapps-0:8.0.36-24.ep7.el7
tomcat-0:7.0.69-12.el7_3
tomcat-admin-webapps-0:7.0.69-12.el7_3
tomcat-docs-webapp-0:7.0.69-12.el7_3
tomcat-el-2.2-api-0:7.0.69-12.el7_3
tomcat-javadoc-0:7.0.69-12.el7_3
tomcat-jsp-2.2-api-0:7.0.69-12.el7_3
tomcat-jsvc-0:7.0.69-12.el7_3
tomcat-lib-0:7.0.69-12.el7_3
tomcat-servlet-3.0-api-0:7.0.69-12.el7_3
tomcat-webapps-0:7.0.69-12.el7_3

refmap via4

bid	97530
confirm	https://security.netapp.com/advisory/ntap-20180614-0001/
debian	DSA-3842 DSA-3843
gentoo	GLSA-201705-09
mlist	[oss-security] 20200720 CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ [tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/ [tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/ [tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/ [users] 20170410 [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
sectrack	1038220

Last major update

20-07-2020 - 21:15

Published

17-04-2017 - 16:59

Last modified

20-07-2020 - 21:15