CVE-2017-5648

Published: 17/04/2017 Updated: 20/07/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
CVSS v3 Vector (NVD): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
VMScore: 570

Vulnerability Summary

While investigating bug 60718, it was noticed that some calls to application listeners (for example ServletRequestListener notifications) in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. Tomcat hands web applications a facade (RequestFacade/ResponseFacade) rather than its internal, pooled Request and Response objects; the facade is detached when the request completes, so a reference kept past that point is useless. Because these listener calls passed the internal objects instead, an untrusted application running under a SecurityManager could retain a reference to the request or response object and, once the container recycled that object for a later request, read or modify information associated with another web application.

The issue was fixed in 9.0.0.M18, 8.5.12, 8.0.42 and 7.0.76. It only matters for deployments that rely on the Java SecurityManager to isolate untrusted web applications from each other; where every deployed application is trusted, they already share the container and this CVE does not change the exposure. Check the running version with `catalina.sh version` (or `bin/version.sh`). For vendor-packaged Tomcat (the Red Hat, Debian and Ubuntu advisories below) the reported version can stay below the upstream fix version because the fix was backported, so rely on the package's advisory status rather than the bare version string.
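How the facade protects the container's recycled request object, shown as an added illustration in Java. This is not Tomcat source and not code from the page: InternalRequest, RequestFacade and LeakyListener are simplified stand-ins for org.apache.catalina.connector.Request, RequestFacade and a webapp's ServletRequestListener, the header values are constructed, and the notifyWithFacade flag switches between the vulnerable behaviour (listener handed the internal object) and the fixed one (listener handed the facade).

```java
/*
 * Added illustration of the object-retention problem behind CVE-2017-5648.
 * Not Tomcat source: the classes below are simplified stand-ins (assumed) for
 * org.apache.catalina.connector.Request / RequestFacade and a webapp listener.
 */
public class FacadeLeakDemo {

    /** Stand-in for Tomcat's container-owned Request: one instance is recycled across requests. */
    static final class InternalRequest {
        private String webapp;
        private String authorization;

        void recycle(String webapp, String authorization) {
            this.webapp = webapp;
            this.authorization = authorization;
        }
        String getWebapp() { return webapp; }
        String getAuthorization() { return authorization; }
    }

    /** Stand-in for RequestFacade: the only view a webapp should hold, detached when the request ends. */
    static final class RequestFacade {
        private InternalRequest request;

        RequestFacade(InternalRequest request) { this.request = request; }

        String getAuthorization() {
            if (request == null) {
                // Tomcat's real facade also throws IllegalStateException once the request is recycled.
                throw new IllegalStateException("request has been recycled");
            }
            return request.getAuthorization();
        }
        void clear() { request = null; }
    }

    /** Stand-in for an untrusted webapp's ServletRequestListener that stashes whatever it is handed. */
    static final class LeakyListener {
        static Object retained;          // a static in a deployed webapp survives across requests
        void requestInitialized(Object req) { retained = req; }
    }

    /**
     * Runs two requests through one recycled InternalRequest: the first belongs to the untrusted
     * app, the second to a different app carrying a (constructed) secret header. Returns what the
     * untrusted app's retained reference can read after the second request, or null if the
     * container's facade stopped it.
     */
    static String headerVisibleToUntrustedApp(boolean notifyWithFacade) {
        InternalRequest shared = new InternalRequest();
        LeakyListener listener = new LeakyListener();

        // Request 1: untrusted app. Vulnerable Tomcat passed the internal object; fixed Tomcat passes the facade.
        shared.recycle("untrusted-app", null);
        RequestFacade facade = new RequestFacade(shared);
        listener.requestInitialized(notifyWithFacade ? facade : shared);
        facade.clear();                        // end of request 1: facade detached, object back in the pool

        // Request 2: another app on the same connector, with a constructed secret header.
        shared.recycle("bank-app", "Bearer s3cr3t-token");

        Object held = LeakyListener.retained;
        try {
            if (held instanceof InternalRequest) {
                return ((InternalRequest) held).getAuthorization();   // raw object: reads bank-app's data
            }
            return ((RequestFacade) held).getAuthorization();         // facade: throws, nothing leaks
        } catch (IllegalStateException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("raw object handed to listener : " + headerVisibleToUntrustedApp(false));
        System.out.println("facade handed to listener     : " + headerVisibleToUntrustedApp(true));
    }
}
```

Compile and run with `javac FacadeLeakDemo.java && java FacadeLeakDemo`: with the raw object the untrusted app's listener reads bank-app's Authorization value after the request was recycled; with the facade the stale reference throws IllegalStateException and the call returns null. In Tomcat the facade is only half of the boundary: the SecurityManager together with the package.access restriction in conf/catalina.properties is what stops a webapp from reaching org.apache.catalina internals by other means (reflection, casting), which is why this CVE is scoped to deployments that run untrusted applications under a SecurityManager.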

Vulnerable Products

apache tomcat 7.0.0

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.3

apache tomcat 7.0.4

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.7

apache tomcat 7.0.8

apache tomcat 7.0.9

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.14

apache tomcat 7.0.15

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.18

apache tomcat 7.0.19

apache tomcat 7.0.20

apache tomcat 7.0.21

apache tomcat 7.0.22

apache tomcat 7.0.23

apache tomcat 7.0.24

apache tomcat 7.0.25

apache tomcat 7.0.26

apache tomcat 7.0.27

apache tomcat 7.0.28

apache tomcat 7.0.29

apache tomcat 7.0.30

apache tomcat 7.0.31

apache tomcat 7.0.32

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.35

apache tomcat 7.0.36

apache tomcat 7.0.37

apache tomcat 7.0.38

apache tomcat 7.0.39

apache tomcat 7.0.40

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.43

apache tomcat 7.0.44

apache tomcat 7.0.45

apache tomcat 7.0.46

apache tomcat 7.0.47

apache tomcat 7.0.48

apache tomcat 7.0.49

apache tomcat 7.0.50

apache tomcat 7.0.51

apache tomcat 7.0.52

apache tomcat 7.0.53

apache tomcat 7.0.54

apache tomcat 7.0.55

apache tomcat 7.0.56

apache tomcat 7.0.57

apache tomcat 7.0.58

apache tomcat 7.0.59

apache tomcat 7.0.60

apache tomcat 7.0.61

apache tomcat 7.0.62

apache tomcat 7.0.63

apache tomcat 7.0.64

apache tomcat 7.0.65

apache tomcat 7.0.66

apache tomcat 7.0.67

apache tomcat 7.0.68

apache tomcat 7.0.69

apache tomcat 7.0.70

apache tomcat 7.0.71

apache tomcat 7.0.72

apache tomcat 7.0.73

apache tomcat 7.0.74

apache tomcat 7.0.75

apache tomcat 8.0.0

apache tomcat 8.0.1

apache tomcat 8.0.2

apache tomcat 8.0.3

apache tomcat 8.0.4

apache tomcat 8.0.5

apache tomcat 8.0.6

apache tomcat 8.0.7

apache tomcat 8.0.8

apache tomcat 8.0.9

apache tomcat 8.0.10

apache tomcat 8.0.11

apache tomcat 8.0.12

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.15

apache tomcat 8.0.16

apache tomcat 8.0.17

apache tomcat 8.0.18

apache tomcat 8.0.19

apache tomcat 8.0.20

apache tomcat 8.0.21

apache tomcat 8.0.22

apache tomcat 8.0.23

apache tomcat 8.0.24

apache tomcat 8.0.25

apache tomcat 8.0.26

apache tomcat 8.0.27

apache tomcat 8.0.28

apache tomcat 8.0.29

apache tomcat 8.0.30

apache tomcat 8.0.31

apache tomcat 8.0.32

apache tomcat 8.0.33

apache tomcat 8.0.34

apache tomcat 8.0.35

apache tomcat 8.0.36

apache tomcat 8.0.37

apache tomcat 8.0.38

apache tomcat 8.0.39

apache tomcat 8.0.40

apache tomcat 8.0.41

apache tomcat 8.5.0

apache tomcat 8.5.1

apache tomcat 8.5.2

apache tomcat 8.5.3

apache tomcat 8.5.4

apache tomcat 8.5.5

apache tomcat 8.5.6

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.9

apache tomcat 8.5.10

apache tomcat 8.5.11

apache tomcat 9.0.0

Vendor Advisories

Red Hat: Synopsis: Important: tomcat security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Synopsis: Important: Red Hat JBoss Web Server Service Pack 1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Red Hat: Synopsis: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a sec ...
Debian: Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine. CVE-2017-5647: Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648: Some application listener calls were issued against the wrong objects, allowing untrusted applications running ...
Debian: Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine. CVE-2017-5647: Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648: Some application listener calls were issued against the wrong objects, allowing untrusted applications running ...
Ubuntu: Several security issues were fixed in Tomcat ...
A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application ...
Debian Bug report logs - #860070 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651. Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 11 Apr 2017 04:48:04 UTC; Owne ...
CVE-2017-5647 (fixed in the same releases), incorrect handling of pipelined requests when send file was used: A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request com ...
Debian Bug report logs - #860068 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651. Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 11 Apr 2017 04:45:02 UTC; Owne ...
Debian Bug report logs - #860071 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651. Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 11 Apr 2017 04:51:02 UTC; Owne ...
Debian Bug report logs - #860069 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651. Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 11 Apr 2017 04:48:01 UTC; Owne ...
Apache Tomcat security page (Important: Information Disclosure, CVE-2017-5648): While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was ...
Summary: While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify i ...
Symantec: Symantec Network Protection products using affected versions of Apache Tomcat are susceptible to multiple security vulnerabilities. A remote attacker, with access to the management interface, can obtain sensitive information from the server, modify information associated with a different web application, execute arbitrary code, modify server beha ...
Oracle Solaris Third Party Bulletin - April 2017. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
Oracle Linux Bulletin - July 2017. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...

Mailing Lists

[CVEID]: CVE-2017-5648 Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin. Severity: Medium. Vendor: The Apache Software Foundation. Affected Version: Apache ActiveMQ Artemis 2.5.0 to 2.13.0. Vulnerability details: A specifically crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability ...

Note: this July 2020 oss-security post concerns an ActiveMQ Artemis web-console XSS, not Tomcat, and is unrelated to the facade issue described above; it is listed here only because the post cited the CVE-2017-5648 identifier, which is also why the NVD entry carries a 2020 update date and an openwall.com reference.

Github Repositories

Cyber Security MOOC Unsecure project

LINK: github.com/ilmari666/cybsec. Based on the Springboot-template as per course material that can be installed and run with suitably configured NetBeans and Maven. Five flaws as per www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf. This document can be read at github.com/ilmari666/cybsec/blob/master/README.md. FLAW 1: A2:2017 Broken Authentica

References

CWE-668 (Exposure of Resource to Wrong Sphere)
http://www.debian.org/security/2017/dsa-3842
http://www.debian.org/security/2017/dsa-3843
http://www.openwall.com/lists/oss-security/2020/07/20/8
http://www.securityfocus.com/bid/97530
http://www.securitytracker.com/id/1038220
https://access.redhat.com/errata/RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1809
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20180614-0001/
https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2017-5648
https://nvd.nist.gov
https://usn.ubuntu.com/3519-1/