CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 5 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.003 Low (Percentile 67.8%)

Important: Security Constraint Bypass CVE-2017-7675
The HTTP/2 implementation bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
This was fixed in revision 1796090.
The issue was originally reported as a failure to process URL path parameters in bug 61120 on 24 May 2017. The full implications of this issue were identified by the Tomcat Security Team the same day. This issue was made public on 10 August 2017.
Affects: 9.0.0.M1 to 9.0.0.M21
Moderate: Cache Poisoning CVE-2017-7674
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client- and server-side cache poisoning in some circumstances.
This was fixed in revision 1795813.
The issue was reported as bug 61101 on 16 May 2017. The full implications of this issue were identified by the Tomcat Security Team the same day. This issue was made public on 10 August 2017.
Affects: 9.0.0.M1 to 9.0.0.M21
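
Why the missing Vary header matters for CVE-2017-7674, as an added example that is not Tomcat code: a toy shared cache keyed by URL plus the request headers named in Vary, placed in front of a stand-in CORS endpoint. The allow-list, origins, path and all function and class names are constructed for illustration.

```python
# Added illustration: a minimal shared cache that honours the Vary header.
# origin_server() is a constructed stand-in for a CORS-enabled endpoint;
# it is not Tomcat's CORS Filter.

ALLOWED = {"https://app.example"}  # constructed allow-list


def origin_server(request_headers, send_vary):
    """Return (headers, body) the way a filter echoing Origin would."""
    headers = {"Content-Type": "application/json"}
    origin = request_headers.get("Origin")
    if origin in ALLOWED:
        headers["Access-Control-Allow-Origin"] = origin
    if send_vary:
        headers["Vary"] = "Origin"  # the header the fixed filter adds
    return headers, '{"ok": true}'


class SharedCache:
    """Caches by URL plus the request headers named in the response's Vary."""

    def __init__(self, backend):
        self.backend = backend
        self.store = {}  # (url, vary-key) -> (headers, body)
        self.vary = {}   # url -> header names learned from Vary

    def _key(self, url, request_headers):
        names = self.vary.get(url, [])
        return (url, tuple((n, request_headers.get(n)) for n in names))

    def get(self, url, request_headers):
        key = self._key(url, request_headers)
        if key in self.store:
            return self.store[key], "HIT"
        response = self.backend(request_headers)
        vary = response[0].get("Vary", "")
        self.vary[url] = [n.strip() for n in vary.split(",") if n.strip()]
        self.store[self._key(url, request_headers)] = response
        return response, "MISS"


def acao_seen_by(send_vary, first_origin, second_origin):
    """Prime the cache with one Origin, then fetch with another."""
    cache = SharedCache(lambda h: origin_server(h, send_vary))
    cache.get("/api/data", {"Origin": first_origin})
    (headers, _), status = cache.get("/api/data", {"Origin": second_origin})
    return headers.get("Access-Control-Allow-Origin"), status
```

Without Vary, the second requester receives whatever CORS decision was cached for the first; with `Vary: Origin`, each Origin gets its own cache entry.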
CPE

Name | Operator | Version |
---|---|---|
apache tomcat | ge | 9.0.0.M1 |
apache tomcat | le | 9.0.0.M21 |