Vulmon Recent Vulnerabilities Trends Blog About Contact
6.4
CVSSv2

CVE-2017-5648

Published: 17/04/2017 Updated: 20/07/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Apache

Vulnerability Summary

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.0

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.3

apache tomcat 7.0.4

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.7

apache tomcat 7.0.8

apache tomcat 7.0.9

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.14

apache tomcat 7.0.15

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.18

apache tomcat 7.0.19

apache tomcat 7.0.20

apache tomcat 7.0.21

apache tomcat 7.0.22

apache tomcat 7.0.23

apache tomcat 7.0.24

apache tomcat 7.0.25

apache tomcat 7.0.26

apache tomcat 7.0.27

apache tomcat 7.0.28

apache tomcat 7.0.29

apache tomcat 7.0.30

apache tomcat 7.0.31

apache tomcat 7.0.32

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.35

apache tomcat 7.0.36

apache tomcat 7.0.37

apache tomcat 7.0.38

apache tomcat 7.0.39

apache tomcat 7.0.40

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.43

apache tomcat 7.0.44

apache tomcat 7.0.45

apache tomcat 7.0.46

apache tomcat 7.0.47

apache tomcat 7.0.48

apache tomcat 7.0.49

apache tomcat 7.0.50

apache tomcat 7.0.51

apache tomcat 7.0.52

apache tomcat 7.0.53

apache tomcat 7.0.54

apache tomcat 7.0.55

apache tomcat 7.0.56

apache tomcat 7.0.57

apache tomcat 7.0.58

apache tomcat 7.0.59

apache tomcat 7.0.60

apache tomcat 7.0.61

apache tomcat 7.0.62

apache tomcat 7.0.63

apache tomcat 7.0.64

apache tomcat 7.0.65

apache tomcat 7.0.66

apache tomcat 7.0.67

apache tomcat 7.0.68

apache tomcat 7.0.69

apache tomcat 7.0.70

apache tomcat 7.0.71

apache tomcat 7.0.72

apache tomcat 7.0.73

apache tomcat 7.0.74

apache tomcat 7.0.75

apache tomcat 8.0.0

apache tomcat 8.0.1

apache tomcat 8.0.2

apache tomcat 8.0.3

apache tomcat 8.0.4

apache tomcat 8.0.5

apache tomcat 8.0.6

apache tomcat 8.0.7

apache tomcat 8.0.8

apache tomcat 8.0.9

apache tomcat 8.0.10

apache tomcat 8.0.11

apache tomcat 8.0.12

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.15

apache tomcat 8.0.16

apache tomcat 8.0.17

apache tomcat 8.0.18

apache tomcat 8.0.19

apache tomcat 8.0.20

apache tomcat 8.0.21

apache tomcat 8.0.22

apache tomcat 8.0.23

apache tomcat 8.0.24

apache tomcat 8.0.25

apache tomcat 8.0.26

apache tomcat 8.0.27

apache tomcat 8.0.28

apache tomcat 8.0.29

apache tomcat 8.0.30

apache tomcat 8.0.31

apache tomcat 8.0.32

apache tomcat 8.0.33

apache tomcat 8.0.34

apache tomcat 8.0.35

apache tomcat 8.0.36

apache tomcat 8.0.37

apache tomcat 8.0.38

apache tomcat 8.0.39

apache tomcat 8.0.40

apache tomcat 8.0.41

apache tomcat 8.5.0

apache tomcat 8.5.1

apache tomcat 8.5.2

apache tomcat 8.5.3

apache tomcat 8.5.4

apache tomcat 8.5.5

apache tomcat 8.5.6

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.9

apache tomcat 8.5.10

apache tomcat 8.5.11

apache tomcat 9.0.0

Vendor Advisories

Red Hat: Important: tomcat security update
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update
Synopsis Important: Red Hat JBoss Web Server Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Debian Security Advisories: DSA-3843-1 tomcat8 -- security update
Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running ...
Debian Security Advisories: DSA-3842-1 tomcat7 -- security update
Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running ...
Ubuntu Security Notice: tomcat7, tomcat8 vulnerabilities
Several security issues were fixed in Tomcat ...
Red Hat: CVE-2017-5648
A vulnerability was discovered in tomcat When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application ...
Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Debian Bug report logs - #860070 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:48:04 UTC Owne ...
Amazon Linux AMI: ALAS-2017-822
Incorrect handling of pipelined requests when send file was usedA bug in the handling of the pipelined requests in Apache Tomcat 900M1 to 900M18, 850 to 8512, 800RC1 to 8042, 700 to 7076, and 600 to 6052, when send file was used, results in the pipelined request being lost when send file processing of the previous request com ...
Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Debian Bug report logs - #860068 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:45:02 UTC Owne ...
Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Debian Bug report logs - #860071 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:51:02 UTC Owne ...
Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Debian Bug report logs - #860069 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:48:01 UTC Owne ...
Amazon Linux AMI: ALAS-2017-873
Security constrained bypass in error page mechanism:While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 900M1 to 900M17, 850 to 8511, 800RC1 to 8041, and 700 to 7075 did not use the appropriate facade object When running an untrusted application under a SecurityManager, it was ...
Brocade Security Advisories: BSA-2017-306
Summary While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify i ...
Symantec Security Advisories: SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017
Symantec Network Protection products using affected versions of Apache Tomcat are susceptible to multiple security vulnerabilities  A remote attacker, with access to the management interface, can obtain sensitive information from the server, modify information associated with a different web application, execute arbitrary code, modify server beha ...
Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017
Oracle Solaris Third Party Bulletin - April 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...

Mailing Lists

Full Disclosure: CVE-2020-13932 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin
[CVEID]:CVE-2017-5648 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin Severity: Medium Vendor: The Apache Software Foundation Affected Version: Apache ActiveMQ Artemis 250 to 2130 Vulnerability details: A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability ...

Github Repositories

cybsec

Cyber Securiy MOOC Unsecure project

LINK: githubcom/ilmari666/cybsec Based on the Springboot-template as per course material that can be installed and run with suitably configured Netbeans and Maven Five flaws as per wwwowasporg/images/7/72/OWASP_Top_10-2017_%28en%29pdfpdf This document can be read at githubcom/ilmari666/cybsec/blob/master/READMEmd FLAW 1: A2:2017 Broken Authentica

References

CWE-668http://www.debian.org/security/2017/dsa-3842http://www.debian.org/security/2017/dsa-3843http://www.openwall.com/lists/oss-security/2020/07/20/8http://www.securityfocus.com/bid/97530http://www.securitytracker.com/id/1038220https://access.redhat.com/errata/RHSA-2017:1801https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:1809https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://security.gentoo.org/glsa/201705-09https://security.netapp.com/advisory/ntap-20180614-0001/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2017-5648https://access.redhat.com/errata/RHSA-2017:1809https://nvd.nist.govhttps://usn.ubuntu.com/3519-1/https://www.debian.org/security/./dsa-3843
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
arbitrary codeCVE-2021-21259CVE-2021-3115hard-codedCVE-2021-1140CVE-2020-11150CVE-2019-8791physicalCVE-2020-11215