CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.975 High
Percentile: 100.0%

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
A vulnerability was discovered in Tomcat’s handling of pipelined requests when “Sendfile” was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)
A vulnerability was discovered in Tomcat where the CORS Filter did not send a “Vary: Origin” HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | tomcat-lib | < 7.0.76-3.el7_4 | tomcat-lib-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-javadoc | < 7.0.76-3.el7_4 | tomcat-javadoc-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-servlet-3.0-api | < 7.0.76-3.el7_4 | tomcat-servlet-3.0-api-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-jsp-2.2-api | < 7.0.76-3.el7_4 | tomcat-jsp-2.2-api-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-jsvc | < 7.0.76-3.el7_4 | tomcat-jsvc-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-el-2.2-api | < 7.0.76-3.el7_4 | tomcat-el-2.2-api-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-webapps | < 7.0.76-3.el7_4 | tomcat-webapps-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-docs-webapp | < 7.0.76-3.el7_4 | tomcat-docs-webapp-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat-admin-webapps | < 7.0.76-3.el7_4 | tomcat-admin-webapps-7.0.76-3.el7_4.noarch.rpm |
RedHat | 7 | noarch | tomcat | < 7.0.76-3.el7_4 | tomcat-7.0.76-3.el7_4.noarch.rpm |