vulnerability

Ubuntu: USN-3519-1 (CVE-2017-5664): Tomcat vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jun 6, 2017	Jan 9, 2018	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jun 6, 2017

Added

Jan 9, 2018

Modified

Aug 18, 2025

Description

It was discovered that Tomcat incorrectly handled certain pipelined
requests when sendfile was used. A remote attacker could use this issue to
obtain wrong responses possibly containing sensitive information.
(CVE-2017-5647)

It was discovered that Tomcat incorrectly used the appropriate facade
object. A malicious application could possibly use this to bypass Security
Manager restrictions. (CVE-2017-5648)

It was discovered that Tomcat incorrectly handled error pages. A remote
attacker could possibly use this issue to replace or remove the custom
error page. (CVE-2017-5664)

It was discovered that Tomcat incorrectly handled the CORS filter. A remote
attacker could possibly use this issue to perform cache poisoning.
(CVE-2017-7674)

Solutions

ubuntu-upgrade-libtomcat7-javaubuntu-upgrade-libtomcat8-javaubuntu-upgrade-tomcat7ubuntu-upgrade-tomcat8

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today