vulnerability

Ubuntu: USN-3519-1 (CVE-2017-7674): Tomcat vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Aug 10, 2017	Jan 9, 2018	Apr 25, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Aug 10, 2017

Added

Jan 9, 2018

Modified

Apr 25, 2025

Description

It was discovered that Tomcat incorrectly handled certain pipelined
requests when sendfile was used. A remote attacker could use this issue to
obtain wrong responses possibly containing sensitive information.
(CVE-2017-5647)

It was discovered that Tomcat incorrectly used the appropriate facade
object. A malicious application could possibly use this to bypass Security
Manager restrictions. (CVE-2017-5648)

It was discovered that Tomcat incorrectly handled error pages. A remote
attacker could possibly use this issue to replace or remove the custom
error page. (CVE-2017-5664)

It was discovered that Tomcat incorrectly handled the CORS filter. A remote
attacker could possibly use this issue to perform cache poisoning.
(CVE-2017-7674)

Solution(s)

ubuntu-upgrade-libtomcat7-javaubuntu-upgrade-libtomcat8-javaubuntu-upgrade-tomcat7ubuntu-upgrade-tomcat8

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today