Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-5664

Published: 06/06/2017 Updated: 08/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Tomcat

Vulnerability Summary

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.2

apache tomcat 7.0.49

apache tomcat 7.0.12

apache tomcat 7.0.62

apache tomcat 7.0.20

apache tomcat 7.0.34

apache tomcat 7.0.58

apache tomcat 7.0.8

apache tomcat 7.0.55

apache tomcat 7.0.1

apache tomcat 7.0.5

apache tomcat 7.0.51

apache tomcat 7.0.4

apache tomcat 7.0.63

apache tomcat 7.0.22

apache tomcat 7.0.39

apache tomcat 7.0.26

apache tomcat 7.0.46

apache tomcat 7.0.72

apache tomcat 7.0.76

apache tomcat 7.0.71

apache tomcat 7.0.28

apache tomcat 7.0.59

apache tomcat 7.0.65

apache tomcat 7.0.0

apache tomcat 7.0.50

apache tomcat 7.0.6

apache tomcat 7.0.18

apache tomcat 7.0.14

apache tomcat 7.0.48

apache tomcat 7.0.11

apache tomcat 7.0.67

apache tomcat 7.0.74

apache tomcat 7.0.23

apache tomcat 7.0.66

apache tomcat 7.0.44

apache tomcat 7.0.69

apache tomcat 7.0.7

apache tomcat 7.0.42

apache tomcat 7.0.60

apache tomcat 7.0.37

apache tomcat 7.0.29

apache tomcat 7.0.45

apache tomcat 7.0.68

apache tomcat 7.0.13

apache tomcat 7.0.47

apache tomcat 7.0.41

apache tomcat 7.0.31

apache tomcat 7.0.30

apache tomcat 7.0.15

apache tomcat 7.0.19

apache tomcat 7.0.75

apache tomcat 7.0.16

apache tomcat 7.0.10

apache tomcat 7.0.36

apache tomcat 7.0.25

apache tomcat 7.0.54

apache tomcat 7.0.35

apache tomcat 7.0.61

apache tomcat 7.0.57

apache tomcat 7.0.43

apache tomcat 7.0.32

apache tomcat 7.0.38

apache tomcat 7.0.21

apache tomcat 7.0.27

apache tomcat 7.0.24

apache tomcat 7.0.17

apache tomcat 7.0.40

apache tomcat 7.0.9

apache tomcat 7.0.3

apache tomcat 7.0.77

apache tomcat 7.0.56

apache tomcat 7.0.64

apache tomcat 7.0.70

apache tomcat 7.0.33

apache tomcat 7.0.73

apache tomcat 8.0.4

apache tomcat 8.0.10

apache tomcat 8.0.30

apache tomcat 8.0.17

apache tomcat 8.0.7

apache tomcat 8.0.26

apache tomcat 8.0.40

apache tomcat 8.0.2

apache tomcat 8.0.20

apache tomcat 8.0.31

apache tomcat 8.0.5

apache tomcat 8.0.1

apache tomcat 8.0.0

apache tomcat 8.0.19

apache tomcat 8.0.39

apache tomcat 8.0.12

apache tomcat 8.0.27

apache tomcat 8.0.15

apache tomcat 8.0.22

apache tomcat 8.0.29

apache tomcat 8.0.42

apache tomcat 8.0.11

apache tomcat 8.0.24

apache tomcat 8.0.36

apache tomcat 8.0.23

apache tomcat 8.0.33

apache tomcat 8.0.6

apache tomcat 8.0.21

apache tomcat 8.0.32

apache tomcat 8.0.41

apache tomcat 8.0.25

apache tomcat 8.0.18

apache tomcat 8.0.35

apache tomcat 8.0.3

apache tomcat 8.0.38

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.9

apache tomcat 8.0.43

apache tomcat 8.0.16

apache tomcat 8.0.34

apache tomcat 8.0.28

apache tomcat 8.0.37

apache tomcat 8.5.2

apache tomcat 8.5.9

apache tomcat 8.5.4

apache tomcat 8.5.0

apache tomcat 8.5.10

apache tomcat 8.5.13

apache tomcat 8.5.14

apache tomcat 8.5.5

apache tomcat 8.5.3

apache tomcat 8.5.6

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.12

apache tomcat 8.5.11

apache tomcat 8.5.1

apache tomcat 9.0.0

Vendor Advisories

Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanism
Debian Bug report logs - #864447 tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanism Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Jun 2017 18:54:01 ...
Ubuntu Security Notice: tomcat7, tomcat8 vulnerabilities
Several security issues were fixed in Tomcat ...
Red Hat: Important: tomcat security update
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Red Hat: Important: tomcat6 security update
Synopsis Important: tomcat6 security update Type/Severity Security Advisory: Important Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update
Synopsis Important: Red Hat JBoss Web Server Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Debian Security Advisories: DSA-3891-1 tomcat8 -- security update
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page For the oldsta ...
Debian Security Advisories: DSA-3892-1 tomcat7 -- security update
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page For the oldsta ...
Arch Linux Issues:
A security issue has been found in Apache Tomcat < 7018 and < 8044 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page This means that the request is presented to the e ...
Amazon Linux AMI: ALAS-2017-854
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) ...
Amazon Linux AMI: ALAS-2017-853
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) ...
Amazon Linux AMI: ALAS-2017-873
Security constrained bypass in error page mechanism:While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 900M1 to 900M17, 850 to 8511, 800RC1 to 8041, and 700 to 7075 did not use the appropriate facade object When running an untrusted application under a SecurityManager, it was ...
Amazon Linux AMI: ALAS-2017-862
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) The CORS Filter in Apache Tomcat 900M1 to 90 ...
Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Network Node Manager i
Multiple vulnerabilities have been found in JP1/Network Node Manager i CVE-2016-6816, CVE-2017-5664 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

References

CWE-755http://www.securityfocus.com/bid/98888http://www.securitytracker.com/id/1038641http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.debian.org/security/2017/dsa-3892http://www.debian.org/security/2017/dsa-3891https://security.netapp.com/advisory/ntap-20171019-0002/https://access.redhat.com/errata/RHSA-2017:3080https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2494https://access.redhat.com/errata/RHSA-2017:2493https://access.redhat.com/errata/RHSA-2017:1809https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:1801http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_ushttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864447https://usn.ubuntu.com/3519-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook