CVE Database
CVE-2017-5648


Published: Apr 17, 2017

Modified: Aug 5, 2024

Status: PUBLISHED

Description

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Vendor, Product, Versions

Vendor: Apache Software Foundation

Product: Apache Tomcat

Affected versions:
  - 9.0.0.M1 to 9.0.0.M17
  - 8.5.0 to 8.5.11
  - 8.0.0.RC1 to 8.0.41
  - 7.0.0 to 7.0.75

References

GLSA-201705-09 (vendor-advisory, x_refsource_GENTOO)
97530 (vdb-entry, x_refsource_BID)
RHSA-2017:1801 (vendor-advisory, x_refsource_REDHAT)
DSA-3843 (vendor-advisory, x_refsource_DEBIAN)
1038220 (vdb-entry, x_refsource_SECTRACK)
DSA-3842 (vendor-advisory, x_refsource_DEBIAN)
RHSA-2017:1809 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:1802 (vendor-advisory, x_refsource_REDHAT)