#VU6950 Security bypass in Apache Tomcat


Published: 2017-06-06 | Updated: 2017-06-12

Vulnerability identifier: #VU6950

Vulnerability risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5664

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper handling of certain HTTP request methods for static error pages in Default Servlet. A remote attacker can bypass HTTP method restrictions and cause the error page to be deleted or replaced.

Successful exploitation of the vulnerability results in information modification.

Mitigation
Update to version 7.0.78, 8.0.44, 8.5.15, 9.0.0.M21.

Vulnerable software versions

Apache Tomcat: 7.0.0 - 7.0.77, 8.0.0 - 8.0.43, 8.5.0 - 8.5.14, 9.0.0-M1 - 9.0.0-M15

External links
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
http://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cann...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance
SUSE Linux update for tomcat
SUSE Linux update for tomcat
openSUSE update for tomcat
SUSE Linux update for tomcat
Red Hat update for tomcat6
Multiple vulnerabilities in Oracle MySQL
Multiple vulnerabilities in Percona Server for MySQL
Red Hat update for jboss-ec2-eap
Amazon Linux AMI update for tomcat7