QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-7675

Back to search

CVE-2017-7675

Published: Aug 11, 2017

Modified: Sep 17, 2024

PUBLISHED

Description

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

VendorProductVersions

Apache Software Foundation

Apache Tomcat

affected
9.0.0.M1 to 9.0.0.M21
affected
8.5.0 to 8.5.15

References

100256
vdb-entry
x_refsource_BID
DSA-3974
vendor-advisory
x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now