ID

VAR-201706-0361


CVE

CVE-2017-5664


TITLE

Apache Tomcat Security restriction bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004051

DESCRIPTION

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. Apache Tomcat Contains a security restriction bypass vulnerability. The Apache Software Foundation From Apache Tomcat An update has been released for the following vulnerabilities: * * Security restriction bypass vulnerability related to error page processing (CVE-2017-5664 )Crafted HTTP By processing the request, the error page may be deleted or overwritten. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. The updates are documented in the Release Notes document linked to in the References. Security Fix(es): * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5664) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). After installing the updated packages, the httpd daemon will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: tomcat security update Advisory ID: RHSA-2017:1809-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1809 Issue date: 2017-07-27 CVE Names: CVE-2017-5648 CVE-2017-5664 ===================================================================== 1. Summary: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: tomcat-7.0.69-12.el7_3.src.rpm noarch: tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: tomcat-7.0.69-12.el7_3.src.rpm noarch: tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: tomcat-7.0.69-12.el7_3.src.rpm noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: tomcat-7.0.69-12.el7_3.src.rpm noarch: tomcat-7.0.69-12.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-12.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-12.el7_3.noarch.rpm tomcat-lib-7.0.69-12.el7_3.noarch.rpm tomcat-servlet-3.0-api-7.0.69-12.el7_3.noarch.rpm tomcat-webapps-7.0.69-12.el7_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: tomcat-docs-webapp-7.0.69-12.el7_3.noarch.rpm tomcat-javadoc-7.0.69-12.el7_3.noarch.rpm tomcat-jsvc-7.0.69-12.el7_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-5648 https://access.redhat.com/security/cve/CVE-2017-5664 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZeYTJXlSAg2UNWIIRAiRLAJ9mLApI6LC2N8mfgxyqv7Ndu04maACfaPeM /dGPQXHuX1omxWSQ/miLBj8= =Ia1W -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). Security Fix(es): * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application

Trust: 2.61

sources: NVD: CVE-2017-5664 // JVNDB: JVNDB-2017-004051 // BID: 98888 // VULMON: CVE-2017-5664 // PACKETSTORM: 143874 // PACKETSTORM: 143519 // PACKETSTORM: 144014 // PACKETSTORM: 144019 // PACKETSTORM: 143873 // PACKETSTORM: 144013 // PACKETSTORM: 143500

AFFECTED PRODUCTS

vendor:apachemodel:tomcatscope:eqversion:8.5.14

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.13

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.12

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.11

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.9

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.8

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.7

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.6

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.5

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.4

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.1

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.43

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.42

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.41

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.40

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.39

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.38

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.37

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.36

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.35

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.34

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.33

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.30

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.27

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.19

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.17

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.15

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.9

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.5

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.3

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.1

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.77

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.76

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.75

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.74

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.73

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.72

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.70

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.69

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.67

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.65

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.60

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.59

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.57

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.54

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.50

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.33

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.32

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.31

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.30

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.29

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.28

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.27

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.26

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.25

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.24

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.23

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.17

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.16

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.15

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.14

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.13

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.12

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.7

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.6

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.4

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.3

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.2

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.1

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.3

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.2

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.5.0

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.32

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.68

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.55

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.5

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.49

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.48

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.47

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.46

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.45

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.44

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.43

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.42

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.41

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.40

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.39

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.38

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.37

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.36

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.35

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.34

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.22

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.21

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.20

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.19

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.18

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.11

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:7.0.10

Trust: 1.3

vendor:apachemodel:tomcatscope:eqversion:8.0.14

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.20

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.16

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.10

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.21

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.29

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.7

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.22

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.58

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:9.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.61

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.6

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.66

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.64

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.4

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.51

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.62

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.0

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.12

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.28

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.13

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.23

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.9

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.56

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.26

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.2

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.18

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.63

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.71

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.5.10

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.25

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.11

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:7.0.8

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.24

Trust: 1.0

vendor:apachemodel:tomcatscope:eqversion:8.0.31

Trust: 1.0

vendor:apachemodel:tomcatscope:lteversion:7.0.0 from 7.0.77

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:8.0.0.rc1 from 8.0.43

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:8.5.0 from 8.5.14

Trust: 0.8

vendor:apachemodel:tomcatscope:lteversion:9.0.0.m1 from 9.0.0.m20

Trust: 0.8

vendor:necmodel:mailshooterscope:eqversion: -

Trust: 0.8

vendor:necmodel:simpwrightscope:eqversion:v6

Trust: 0.8

vendor:necmodel:simpwrightscope:eqversion:v7

Trust: 0.8

vendor:necmodel:spoolserver/winspool seriesscope:eqversion:reportfiling ver5.2 ~ 6.2

Trust: 0.8

vendor:necmodel:webotxscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/cm2/network node managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/network node managerscope: - version: -

Trust: 0.8

vendor:redhatmodel:jboss web server for rhelscope:eqversion:3.17

Trust: 0.3

vendor:redhatmodel:jboss web server for rhelscope:eqversion:3.16

Trust: 0.3

vendor:redhatmodel:jboss web serverscope:eqversion:0

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1182

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.2.4181

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.1

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.4.0

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.4.3247

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.3.1199

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.2.1162

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.3.0.1098

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.8.2223

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.7.1204

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.5.1141

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.4.1102

Trust: 0.3

vendor:oraclemodel:mysql enterprise monitorscope:eqversion:3.2.1.1049

Trust: 0.3

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.1.0

Trust: 0.3

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.0.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:7

Trust: 0.3

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.2

Trust: 0.3

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.1

Trust: 0.3

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.0

Trust: 0.3

vendor:oraclemodel:communications instant messaging serverscope:eqversion:10.0.1

Trust: 0.3

vendor:oraclemodel:communications application session controllerscope:eqversion:3.8

Trust: 0.3

vendor:oraclemodel:communications application session controllerscope:eqversion:3.7.1

Trust: 0.3

vendor:bluecoatmodel:x-series xosscope:eqversion:9.7

Trust: 0.3

vendor:bluecoatmodel:x-series xosscope:eqversion:11.0

Trust: 0.3

vendor:bluecoatmodel:x-series xosscope:eqversion:10.0

Trust: 0.3

vendor:bluecoatmodel:management centerscope:eqversion:1.11

Trust: 0.3

vendor:bluecoatmodel:mail threat defensescope:eqversion:1.1

Trust: 0.3

vendor:bluecoatmodel:content analysis systemscope:eqversion:1.3

Trust: 0.3

vendor:bluecoatmodel:content analysisscope:eqversion:2.2

Trust: 0.3

vendor:bluecoatmodel:content analysisscope:eqversion:2.1

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.7

Trust: 0.3

vendor:bluecoatmodel:advanced secure gatewayscope:eqversion:6.6

Trust: 0.3

vendor:apachemodel:tomcatscope:eqversion:8.0.8

Trust: 0.3

vendor:apachemodel:tomcatscope:eqversion:7.0.53

Trust: 0.3

vendor:apachemodel:tomcatscope:eqversion:7.0

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m9scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m7scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m5scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m4scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m3scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m20scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m2scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m19scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m18scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m17scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m15scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m13scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m12scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m11scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m10scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m1scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcat 8.0.0.rc1scope: - version: -

Trust: 0.3

vendor:apachemodel:tomcatscope:neversion:8.5.15

Trust: 0.3

vendor:apachemodel:tomcatscope:neversion:8.0.44

Trust: 0.3

vendor:apachemodel:tomcatscope:neversion:7.0.78

Trust: 0.3

vendor:apachemodel:tomcat 9.0.0.m21scope:neversion: -

Trust: 0.3

sources: BID: 98888 // JVNDB: JVNDB-2017-004051 // NVD: CVE-2017-5664

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5664
value: HIGH

Trust: 1.0

NVD: CVE-2017-5664
value: HIGH

Trust: 0.8

VULMON: CVE-2017-5664
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5664
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-5664
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2017-5664 // JVNDB: JVNDB-2017-004051 // NVD: CVE-2017-5664

PROBLEMTYPE DATA

problemtype:CWE-755

Trust: 1.0

problemtype:CWE-254

Trust: 0.8

sources: JVNDB: JVNDB-2017-004051 // NVD: CVE-2017-5664

THREAT TYPE

network

Trust: 0.3

sources: BID: 98888

TYPE

Configuration Error

Trust: 0.3

sources: BID: 98888

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004051

PATCH

title:Fixed in Apache Tomcat 8.0.44url:http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44

Trust: 0.8

title:Fixed in Apache Tomcat 7.0.78url:http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78

Trust: 0.8

title:Fixed in Apache Tomcat 9.0.0.M21url:http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M21

Trust: 0.8

title:Fixed in Apache Tomcat 8.5.15url:http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15

Trust: 0.8

title:hitachi-sec-2019-107url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html

Trust: 0.8

title:NV17-015url:http://jpn.nec.com/security-info/secinfo/nv17-015.html

Trust: 0.8

title:[SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypassurl:https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E

Trust: 0.8

title:hitachi-sec-2019-107url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html

Trust: 0.8

title:Red Hat: Important: tomcat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171809 - Security Advisory

Trust: 0.1

title:Red Hat: Important: tomcat6 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20173080 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-3892-1 tomcat7 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=84d07d805fb625d5e5269555c0f8846e

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171801 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20171802 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-3891-1 tomcat8 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=91198151af7100bd505e12e11d3f56e5

Trust: 0.1

title:Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanismurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=6e84a658cd855bbabe4c36955d8fe865

Trust: 0.1

title:Arch Linux Advisories: [ASA-201706-6] tomcat7: access restriction bypassurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201706-6

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-853url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-853

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-854url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-854

Trust: 0.1

title:Arch Linux Advisories: [ASA-201706-7] tomcat8: access restriction bypassurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201706-7

Trust: 0.1

title:Ubuntu Security Notice: tomcat7, tomcat8 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3519-1

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2017-5664

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-862url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-862

Trust: 0.1

title:Amazon Linux AMI: ALAS-2017-873url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2017-873

Trust: 0.1

title:Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Network Node Manager iurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2019-107

Trust: 0.1

title:Forcepoint Security Advisories: CVE-2017-5664 Apache Tomcat Security Constraint Bypass Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=85b7afd6cc93580dc2508b4ad46d18f2

Trust: 0.1

title:Symantec Security Advisories: SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=8d498c8e227285c90100c42076428782

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=a22ad41e97bbfc5abb0bb927bf43089c

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=549dc795290b298746065b62b4bb7928

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - April 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4019ca77f50c7a34e4d97833e6f3321e

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=523d3f220a64ff01dd95e064bd37566a

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=e2a7f287e9acc8c64ab3df71130bc64d

Trust: 0.1

title:Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=7251d5e5f2b1771951980ad7cfde50ba

Trust: 0.1

title:vulners-yum-scannerurl:https://github.com/dkiser/vulners-yum-scanner

Trust: 0.1

title:A2:2017 Broken Authentication A5:2017 Broken Access Control A3:2017 Sensitive Data Exposure A6:2017 Security Misconfiguration A9:2017 Using Components with Known Vulnerabilities A10:2017 Insufficient Logging & Monitoringurl:https://github.com/ilmari666/cybsec

Trust: 0.1

title:veracode-container-security-finding-parserurl:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2017-5664 // JVNDB: JVNDB-2017-004051

EXTERNAL IDS

db:NVDid:CVE-2017-5664

Trust: 2.9

db:BIDid:98888

Trust: 1.4

db:SECTRACKid:1038641

Trust: 1.1

db:JVNid:JVNVU95420726

Trust: 0.8

db:JVNDBid:JVNDB-2017-004051

Trust: 0.8

db:VULMONid:CVE-2017-5664

Trust: 0.1

db:PACKETSTORMid:143874

Trust: 0.1

db:PACKETSTORMid:143519

Trust: 0.1

db:PACKETSTORMid:144014

Trust: 0.1

db:PACKETSTORMid:144019

Trust: 0.1

db:PACKETSTORMid:143873

Trust: 0.1

db:PACKETSTORMid:144013

Trust: 0.1

db:PACKETSTORMid:143500

Trust: 0.1

sources: VULMON: CVE-2017-5664 // BID: 98888 // JVNDB: JVNDB-2017-004051 // PACKETSTORM: 143874 // PACKETSTORM: 143519 // PACKETSTORM: 144014 // PACKETSTORM: 144019 // PACKETSTORM: 143873 // PACKETSTORM: 144013 // PACKETSTORM: 143500 // NVD: CVE-2017-5664

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-5664

Trust: 1.5

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Trust: 1.4

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.4

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.4

url:https://access.redhat.com/errata/rhsa-2017:1809

Trust: 1.3

url:http://www.securityfocus.com/bid/98888

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2638

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2636

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2633

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2494

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2017:2493

Trust: 1.2

url:http://www.securitytracker.com/id/1038641

Trust: 1.1

url:http://www.debian.org/security/2017/dsa-3892

Trust: 1.1

url:http://www.debian.org/security/2017/dsa-3891

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20171019-0002/

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:3080

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:2637

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:2635

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:1802

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2017:1801

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Trust: 1.1

url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbux03828en_us

Trust: 1.1

url:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Trust: 1.1

url:https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3cannounce.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2017-5664

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5664

Trust: 0.8

url:http://jvn.jp/cert/jvnvu95420726

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.7

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2017-5645

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2017-5645

Trust: 0.4

url:https://bugzilla.redhat.com/show_bug.cgi?id=1459158

Trust: 0.3

url:http://tomcat.apache.org/

Trust: 0.3

url:https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3cannounce.tomcat.apache.org%3e

Trust: 0.3

url:https://www.symantec.com/security-center/network-protection-security-advisories/sa156

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-5647

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-5647

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2017-7525

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2017-7525

Trust: 0.3

url:https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2016-6304

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-6304

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2016-8610

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-8610

Trust: 0.2

url:https://access.redhat.com/articles/3155411

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-5648

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-5648

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/755.html

Trust: 0.1

url:https://www.debian.org/security/./dsa-3892

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/3519-1/

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55627

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=2.1.2

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform&downloadtype=securitypatches&version=6.4

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html

Trust: 0.1

url:https://access.redhat.com/security/vulnerabilities/httpoxy

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver&downloadtype=securitypatches&version=3.1

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2017-1802.html

Trust: 0.1

url:https://access.redhat.com/solutions/2435491

Trust: 0.1

sources: VULMON: CVE-2017-5664 // BID: 98888 // JVNDB: JVNDB-2017-004051 // PACKETSTORM: 143874 // PACKETSTORM: 143519 // PACKETSTORM: 144014 // PACKETSTORM: 144019 // PACKETSTORM: 143873 // PACKETSTORM: 144013 // PACKETSTORM: 143500 // NVD: CVE-2017-5664

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 143874 // PACKETSTORM: 143519 // PACKETSTORM: 144014 // PACKETSTORM: 144019 // PACKETSTORM: 143873 // PACKETSTORM: 144013 // PACKETSTORM: 143500

SOURCES

db:VULMONid:CVE-2017-5664
db:BIDid:98888
db:JVNDBid:JVNDB-2017-004051
db:PACKETSTORMid:143874
db:PACKETSTORMid:143519
db:PACKETSTORMid:144014
db:PACKETSTORMid:144019
db:PACKETSTORMid:143873
db:PACKETSTORMid:144013
db:PACKETSTORMid:143500
db:NVDid:CVE-2017-5664

LAST UPDATE DATE

2024-11-20T20:48:34.052000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2017-5664date:2023-12-08T00:00:00
db:BIDid:98888date:2019-07-17T09:00:00
db:JVNDBid:JVNDB-2017-004051date:2019-04-12T00:00:00
db:NVDid:CVE-2017-5664date:2023-12-08T16:41:18.860

SOURCES RELEASE DATE

db:VULMONid:CVE-2017-5664date:2017-06-06T00:00:00
db:BIDid:98888date:2017-06-06T00:00:00
db:JVNDBid:JVNDB-2017-004051date:2017-06-15T00:00:00
db:PACKETSTORMid:143874date:2017-08-22T05:29:02
db:PACKETSTORMid:143519date:2017-07-27T14:44:00
db:PACKETSTORMid:144014date:2017-09-05T23:44:00
db:PACKETSTORMid:144019date:2017-09-06T04:16:42
db:PACKETSTORMid:143873date:2017-08-22T05:28:16
db:PACKETSTORMid:144013date:2017-09-05T23:23:00
db:PACKETSTORMid:143500date:2017-07-25T23:15:33
db:NVDid:CVE-2017-5664date:2017-06-06T14:29:00.937