5
CVSSv2

CVE-2017-5664

Published: 06/06/2017 Updated: 08/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.2

apache tomcat 7.0.49

apache tomcat 7.0.12

apache tomcat 7.0.62

apache tomcat 7.0.20

apache tomcat 7.0.34

apache tomcat 7.0.58

apache tomcat 7.0.8

apache tomcat 7.0.55

apache tomcat 7.0.1

apache tomcat 7.0.5

apache tomcat 7.0.51

apache tomcat 7.0.4

apache tomcat 7.0.63

apache tomcat 7.0.22

apache tomcat 7.0.39

apache tomcat 7.0.26

apache tomcat 7.0.46

apache tomcat 7.0.72

apache tomcat 7.0.76

apache tomcat 7.0.71

apache tomcat 7.0.28

apache tomcat 7.0.59

apache tomcat 7.0.65

apache tomcat 7.0.0

apache tomcat 7.0.50

apache tomcat 7.0.6

apache tomcat 7.0.18

apache tomcat 7.0.14

apache tomcat 7.0.48

apache tomcat 7.0.11

apache tomcat 7.0.67

apache tomcat 7.0.74

apache tomcat 7.0.23

apache tomcat 7.0.66

apache tomcat 7.0.44

apache tomcat 7.0.69

apache tomcat 7.0.7

apache tomcat 7.0.42

apache tomcat 7.0.60

apache tomcat 7.0.37

apache tomcat 7.0.29

apache tomcat 7.0.45

apache tomcat 7.0.68

apache tomcat 7.0.13

apache tomcat 7.0.47

apache tomcat 7.0.41

apache tomcat 7.0.31

apache tomcat 7.0.30

apache tomcat 7.0.15

apache tomcat 7.0.19

apache tomcat 7.0.75

apache tomcat 7.0.16

apache tomcat 7.0.10

apache tomcat 7.0.36

apache tomcat 7.0.25

apache tomcat 7.0.54

apache tomcat 7.0.35

apache tomcat 7.0.61

apache tomcat 7.0.57

apache tomcat 7.0.43

apache tomcat 7.0.32

apache tomcat 7.0.38

apache tomcat 7.0.21

apache tomcat 7.0.27

apache tomcat 7.0.24

apache tomcat 7.0.17

apache tomcat 7.0.40

apache tomcat 7.0.9

apache tomcat 7.0.3

apache tomcat 7.0.77

apache tomcat 7.0.56

apache tomcat 7.0.64

apache tomcat 7.0.70

apache tomcat 7.0.33

apache tomcat 7.0.73

apache tomcat 8.0.4

apache tomcat 8.0.10

apache tomcat 8.0.30

apache tomcat 8.0.17

apache tomcat 8.0.7

apache tomcat 8.0.26

apache tomcat 8.0.40

apache tomcat 8.0.2

apache tomcat 8.0.20

apache tomcat 8.0.31

apache tomcat 8.0.5

apache tomcat 8.0.1

apache tomcat 8.0.0

apache tomcat 8.0.19

apache tomcat 8.0.39

apache tomcat 8.0.12

apache tomcat 8.0.27

apache tomcat 8.0.15

apache tomcat 8.0.22

apache tomcat 8.0.29

apache tomcat 8.0.42

apache tomcat 8.0.11

apache tomcat 8.0.24

apache tomcat 8.0.36

apache tomcat 8.0.23

apache tomcat 8.0.33

apache tomcat 8.0.6

apache tomcat 8.0.21

apache tomcat 8.0.32

apache tomcat 8.0.41

apache tomcat 8.0.25

apache tomcat 8.0.18

apache tomcat 8.0.35

apache tomcat 8.0.3

apache tomcat 8.0.38

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.9

apache tomcat 8.0.43

apache tomcat 8.0.16

apache tomcat 8.0.34

apache tomcat 8.0.28

apache tomcat 8.0.37

apache tomcat 8.5.2

apache tomcat 8.5.9

apache tomcat 8.5.4

apache tomcat 8.5.0

apache tomcat 8.5.10

apache tomcat 8.5.13

apache tomcat 8.5.14

apache tomcat 8.5.5

apache tomcat 8.5.3

apache tomcat 8.5.6

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 8.5.12

apache tomcat 8.5.11

apache tomcat 8.5.1

apache tomcat 9.0.0

Vendor Advisories

Several security issues were fixed in Tomcat ...
Debian Bug report logs - #864447 tomcat8: CVE-2017-5664: Security constrained bypass in error page mechanism Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 8 Jun 2017 18:54:01 ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Synopsis Important: Red Hat JBoss Web Server Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: tomcat6 security update Type/Severity Security Advisory: Important Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page For the oldsta ...
Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page For the oldsta ...
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) ...
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) ...
Security constrained bypass in error page mechanism:While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 900M1 to 900M17, 850 to 8511, 800RC1 to 8041, and 700 to 7075 did not use the appropriate facade object When running an untrusted application under a SecurityManager, it was ...
Security constrained bypass in error page mechanism:A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page (CVE-2017-5664) The CORS Filter in Apache Tomcat 900M1 to 90 ...
A security issue has been found in Apache Tomcat < 7018 and < 8044 The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page This means that the request is presented to the e ...
Multiple vulnerabilities have been found in JP1/Network Node Manager i CVE-2016-6816, CVE-2017-5664 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

References

CWE-755http://www.securityfocus.com/bid/98888http://www.securitytracker.com/id/1038641http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.debian.org/security/2017/dsa-3892http://www.debian.org/security/2017/dsa-3891https://security.netapp.com/advisory/ntap-20171019-0002/https://access.redhat.com/errata/RHSA-2017:3080https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2494https://access.redhat.com/errata/RHSA-2017:2493https://access.redhat.com/errata/RHSA-2017:1809https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:1801http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_ushttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3Ehttps://nvd.nist.govhttps://usn.ubuntu.com/3519-1/