Linux Distros Unpatched Vulnerability : CVE-2017-7674

🗓️ 10 Aug 2025 00:00:00Reported by TenableType

Unpatched Tomcat CORS filter vulnerability allows cache poisoning from missing HTTP Vary header.

Reporter	Title	Published	Views	Family All 111
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2017-7674, CVE-2017-7675)	15 Nov 201822:00	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence (CVE-2017-7674)	17 Jun 201805:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus is affected by an Apache Tomcat related vulnerability (CVE-2017-7674)	23 Mar 202020:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM Storwize V7000 Unified (CVE-2017-7674, CVE-2017-7675)	18 Jun 201800:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2017-7674)	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Build Forge Security Advisory for Apache HTTPD, Apache Tomcat and OpenSSL Upgrade	17 Jun 201805:24	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in Jazz Reporting Service shipped with Rational Insight (CVE-2017-7674)	17 Jun 201805:26	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk	15 Jun 201823:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2017-7674, CVE-2017-7675)	15 Jun 201823:48	–	ibm

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2017-7674
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(247716);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/10");

  script_cve_id("CVE-2017-7674");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2017-7674");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to
    7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This
    permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2017-7674");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7674");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:tomcat7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "tomcat7"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

10 Aug 2025 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 34.3

CVSS 24.3

EPSS0.0592