CVE-2017-7674

Related Files

Ubuntu Security Notice USN-3519-1

Posted Jan 9, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3519-1 - It was discovered that Tomcat incorrectly handled certain pipelined requests when sendfile was used. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. It was discovered that Tomcat incorrectly used the appropriate facade object. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.

tags | advisory, remote

systems | linux, ubuntu

advisories | CVE-2017-5647, CVE-2017-5648, CVE-2017-5664, CVE-2017-7674

SHA-256 | 38382610e11f924ba68fd9e1ac30126f36e4138680f20e49f3193dccf7392465

Download | Favorite | View

Red Hat Security Advisory 2017-3081-01

Posted Oct 30, 2017

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-3081-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.

tags | advisory, java, web, vulnerability, code execution, info disclosure

systems | linux, redhat

advisories | CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-7674

SHA-256 | 5ee983090f72ece9f5cb9792f0c4f5e3483212e72951bcc2f52b90e4f854419f

Download | Favorite | View