CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
82.7%
Issue Overview:
Security constrained bypass in error page mechanism:
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.(CVE-2017-5664 )
Calls to application listeners did not use the appropriate facade object:
A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.(CVE-2017-7674)
Affected Packages:
tomcat7
Issue Correction:
Run yum update tomcat7 to update your system.
New Packages:
noarch:
tomcat7-admin-webapps-7.0.79-1.28.amzn1.noarch
tomcat7-jsp-2.2-api-7.0.79-1.28.amzn1.noarch
tomcat7-webapps-7.0.79-1.28.amzn1.noarch
tomcat7-lib-7.0.79-1.28.amzn1.noarch
tomcat7-7.0.79-1.28.amzn1.noarch
tomcat7-el-2.2-api-7.0.79-1.28.amzn1.noarch
tomcat7-servlet-3.0-api-7.0.79-1.28.amzn1.noarch
tomcat7-docs-webapp-7.0.79-1.28.amzn1.noarch
tomcat7-log4j-7.0.79-1.28.amzn1.noarch
tomcat7-javadoc-7.0.79-1.28.amzn1.noarch
src:
tomcat7-7.0.79-1.28.amzn1.src
Red Hat: CVE-2017-5648, CVE-2017-5664, CVE-2017-7674
Mitre: CVE-2017-5648, CVE-2017-5664, CVE-2017-7674
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
82.7%