Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-5664

Published: 06/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Tomcat

Vulnerability Summary

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.4

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.18

apache tomcat 7.0.19

apache tomcat 7.0.20

apache tomcat 7.0.27

apache tomcat 7.0.28

apache tomcat 7.0.35

apache tomcat 7.0.36

apache tomcat 7.0.44

apache tomcat 7.0.45

apache tomcat 7.0.54

apache tomcat 7.0.55

apache tomcat 7.0.62

apache tomcat 7.0.63

apache tomcat 7.0.71

apache tomcat 7.0.72

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.6

apache tomcat 7.0.7

apache tomcat 7.0.14

apache tomcat 7.0.15

apache tomcat 7.0.23

apache tomcat 7.0.24

apache tomcat 7.0.31

apache tomcat 7.0.32

apache tomcat 7.0.39

apache tomcat 7.0.40

apache tomcat 7.0.48

apache tomcat 7.0.49

apache tomcat 7.0.58

apache tomcat 7.0.59

apache tomcat 7.0.66

apache tomcat 7.0.67

apache tomcat 7.0.75

apache tomcat 7.0.76

apache tomcat 7.0.3

apache tomcat 7.0.8

apache tomcat 7.0.9

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.25

apache tomcat 7.0.26

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.43

apache tomcat 7.0.50

apache tomcat 7.0.51

apache tomcat 7.0.60

apache tomcat 7.0.61

apache tomcat 7.0.68

apache tomcat 7.0.69

apache tomcat 7.0.70

apache tomcat 7.0.77

apache tomcat 7.0.0

apache tomcat 7.0.5

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.21

apache tomcat 7.0.22

apache tomcat 7.0.29

apache tomcat 7.0.30

apache tomcat 7.0.37

apache tomcat 7.0.38

apache tomcat 7.0.46

apache tomcat 7.0.47

apache tomcat 7.0.56

apache tomcat 7.0.57

apache tomcat 7.0.64

apache tomcat 7.0.65

apache tomcat 7.0.73

apache tomcat 7.0.74

apache tomcat 8.0.3

apache tomcat 8.0.4

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.21

apache tomcat 8.0.22

apache tomcat 8.0.29

apache tomcat 8.0.30

apache tomcat 8.0.38

apache tomcat 8.0.39

apache tomcat 8.0.0

apache tomcat 8.0.7

apache tomcat 8.0.9

apache tomcat 8.0.17

apache tomcat 8.0.18

apache tomcat 8.0.25

apache tomcat 8.0.26

apache tomcat 8.0.33

apache tomcat 8.0.34

apache tomcat 8.0.42

apache tomcat 8.0.43

apache tomcat 8.0.1

apache tomcat 8.0.2

apache tomcat 8.0.10

apache tomcat 8.0.11

apache tomcat 8.0.12

apache tomcat 8.0.19

apache tomcat 8.0.20

apache tomcat 8.0.27

apache tomcat 8.0.28

apache tomcat 8.0.35

apache tomcat 8.0.36

apache tomcat 8.0.37

apache tomcat 8.0.5

apache tomcat 8.0.6

apache tomcat 8.0.15

apache tomcat 8.0.16

apache tomcat 8.0.23

apache tomcat 8.0.24

apache tomcat 8.0.31

apache tomcat 8.0.32

apache tomcat 8.0.40

apache tomcat 8.0.41

apache tomcat 8.5.1

apache tomcat 8.5.2

apache tomcat 8.5.9

apache tomcat 8.5.10

apache tomcat 8.5.5

apache tomcat 8.5.6

apache tomcat 8.5.13

apache tomcat 8.5.14

apache tomcat 8.5.0

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.3

apache tomcat 8.5.4

apache tomcat 8.5.11

apache tomcat 8.5.12

apache tomcat 9.0.0

Vendor Advisories

Red Hat: Important: tomcat security update
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: tomcat6 security update
Synopsis Important: tomcat6 security update Type/Severity Security Advisory: Important Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update
Synopsis Important: Red Hat JBoss Web Server Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Debian Security Advisories: DSA-3892-1 tomcat7 -- security update
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page For the oldsta ...
Debian Security Advisories: DSA-3891-1 tomcat8 -- security update
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page For the oldsta ...
Debian CVElist Bug Report Logs: tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanism
Debian Bug report logs - #864447 tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanism Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Jun 2017 18:54:01 ...
Amazon Linux AMI: ALAS-2017-853
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) ...
Amazon Linux AMI: ALAS-2017-854
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) ...
Arch Linux Advisories: [ASA-201706-6] tomcat7: access restriction bypass
Arch Linux Security Advisory ASA-201706-6 ========================================= Severity: High Date : 2017-06-06 CVE-ID : CVE-2017-5664 Package : tomcat7 Type : access restriction bypass Remote : Yes Link : securityarchlinuxorg/AVG-290 Summary ======= The package tomcat7 before version 7078-1 is vulnerable to access re ...
Arch Linux Advisories: [ASA-201706-7] tomcat8: access restriction bypass
Arch Linux Security Advisory ASA-201706-7 ========================================= Severity: High Date : 2017-06-06 CVE-ID : CVE-2017-5664 Package : tomcat8 Type : access restriction bypass Remote : Yes Link : securityarchlinuxorg/AVG-291 Summary ======= The package tomcat8 before version 8044-1 is vulnerable to access re ...
Ubuntu Security Notice: tomcat7, tomcat8 vulnerabilities
Several security issues were fixed in Tomcat ...
Arch Linux Issues:
A security issue has been found in Apache Tomcat < 7018 and < 8044 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page This means that the request is presented to the e ...
Amazon Linux AMI: ALAS-2017-862
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) The CORS Filter in Apache Tomcat 900M1 to 90 ...
Amazon Linux AMI: ALAS-2017-873
Security constrained bypass in error page mechanism:While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 900M1 to 900M17, 850 to 8511, 800RC1 to 8041, and 700 to 7075 did not use the appropriate facade object When running an untrusted application under a SecurityManager, it was ...
Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Network Node Manager i
Multiple vulnerabilities have been found in JP1/Network Node Manager i CVE-2016-6816, CVE-2017-5664 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Forcepoint Security Advisories: CVE-2017-5664 Apache Tomcat Security Constraint Bypass Vulnerability
Support My AccountForcepoint Support Site Guest User (Logout)Community My Account Visitor(login)Community CVE-2017-5664 Apache Tomcat Security Constraint Bypass Vulnerability Article Number: 000013075 Products ...
Symantec Security Advisories: SA156: Apache Tomcat Vulnerabilities Apr-Oct 2017
Symantec Network Protection products using affected versions of Apache Tomcat are susceptible to multiple security vulnerabilities  A remote attacker, with access to the management interface, can obtain sensitive information from the server, modify information associated with a different web application, execute arbitrary code, modify server beha ...
Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017
Oracle Solaris Third Party Bulletin - July 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical P ...
Oracle: Oracle Critical Patch Update Advisory - July 2018
Oracle Critical Patch Update Advisory - July 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle: Oracle Critical Patch Update Advisory - April 2018
Oracle Critical Patch Update Advisory - April 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous ...
Oracle: Oracle Critical Patch Update Advisory - October 2017
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...
Oracle: Oracle Critical Patch Update Advisory - January 2018
Oracle Critical Patch Update Advisory - January 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017
Oracle Linux Bulletin - October 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...

Mailing Lists

Bugtraq: [security bulletin] MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities
Note: the current version of the following document is available here: softwaresupportsoftwaregrpcom/document/-/facetsearch/document/KM03302206 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03302206 Version: 1 MFSBGN03837 rev1 - Network Node Manager i, Multiple Vulnerabilities NOTICE: The information in this Security Bulle ...

Github Repositories

cybsec

Cyber Securiy MOOC Unsecure project

LINK: githubcom/ilmari666/cybsec Based on the Springboot-template as per course material that can be installed and run with suitably configured Netbeans and Maven Five flaws as per wwwowasporg/images/7/72/OWASP_Top_10-2017_%28en%29pdfpdf This document can be read at githubcom/ilmari666/cybsec/blob/master/READMEmd FLAW 1: A2:2017 Broken Authentica

veracode-container-security-finding-parser Map Vulnerabilities into Different Layers of the Container Image Usage usage: mainpy [-h] [-i INSPECT_FILE] [-s SCAN_FILE] [-d] Example python mainpy Output: Scanned Image: juliantotzek/verademo1-tomcat:latest, Base Image OS Family: centos , Base Image OS Name: 761810 Base Image (based on the first Layer in veracode inspect comman

References

CWE-755https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3Ehttp://www.securityfocus.com/bid/98888http://www.securitytracker.com/id/1038641http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.debian.org/security/2017/dsa-3892http://www.debian.org/security/2017/dsa-3891https://security.netapp.com/advisory/ntap-20171019-0002/https://access.redhat.com/errata/RHSA-2017:3080https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2494https://access.redhat.com/errata/RHSA-2017:2493https://access.redhat.com/errata/RHSA-2017:1809https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:1801http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_ushttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3Ehttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2017:1809https://www.debian.org/security/./dsa-3892https://nvd.nist.govhttps://usn.ubuntu.com/3519-1/https://www.securityfocus.com/bid/98888https://tools.cisco.com/security/center/viewAlert.x?alertId=55627
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-5172CVE-2023-44023CVE-2023-30845elevation of privilegeinjectionCVE-2023-43234CVE-2023-41991cross-site request forgeryseacmsCVE-2023-5197
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook