The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Tomcat

vulnerability bulletin CVE-2017-12617

Apache Tomcat: code execution via Read-write Default/WebDAV Servlet

Synthesis of the vulnerability

An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Impacted products: Tomcat, Debian, NetWorker, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle DB, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle Internet Directory, Oracle iPlanet Web Server, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 20/09/2017.
Identifiers: 504539, 61542, CERTFR-2017-AVI-332, cpuapr2018, cpuapr2019, cpujan2018, cpujul2018, CVE-2017-12617, DLA-1166-1, DLA-1166-2, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, openSUSE-SU-2017:3069-1, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3665-1, VIGILANCE-VUL-23883.

Description of the vulnerability

An attacker can use a vulnerability via Read-write Default/WebDAV Servlet of Apache Tomcat, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-12615

Apache Tomcat: code execution via HTTP PUT JSP File

Synthesis of the vulnerability

An attacker can use a vulnerability via HTTP PUT JSP File of Apache Tomcat, in order to run code.
Impacted products: Tomcat, NetWorker, Fedora, ePO, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 19/09/2017.
Identifiers: 504539, CERTFR-2017-AVI-314, CVE-2017-12615, ESA-2017-097, FEDORA-2017-ef7c118dbc, FEDORA-2017-f499ee7b12, RHSA-2017:3080-01, RHSA-2017:3081-01, RHSA-2017:3113-01, RHSA-2017:3114-01, RHSA-2018:0465-01, RHSA-2018:0466-01, SB10218, SUSE-SU-2017:3059-1, Synology-SA-17:54, VIGILANCE-VUL-23872.

Description of the vulnerability

An attacker can use a vulnerability via HTTP PUT JSP File of Apache Tomcat, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-12616

Apache Tomcat: information disclosure via VirtualDirContext JSP Source Code

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via VirtualDirContext of Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Debian, NetWorker, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 19/09/2017.
Identifiers: 504539, CERTFR-2017-AVI-314, CVE-2017-12616, DLA-1108-1, DLA-1400-1, DLA-1400-2, ESA-2017-097, RHSA-2018:0465-01, RHSA-2018:0466-01, SUSE-SU-2017:3059-1, Synology-SA-17:54, USN-3665-1, VIGILANCE-VUL-23871.

Description of the vulnerability

An attacker can bypass access restrictions to data via VirtualDirContext of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-7675

Apache Tomcat: directory traversal via HTTP/2

Synthesis of the vulnerability

An attacker can traverse directories via HTTP/2 of Apache Tomcat, in order to read a file outside the service root path.
Impacted products: Tomcat, Debian, Solaris.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, CVE-2017-7675, DSA-3974-1, VIGILANCE-VUL-23501.

Description of the vulnerability

An attacker can traverse directories via HTTP/2 of Apache Tomcat, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-7674

Apache Tomcat: information disclosure via Cache Poisoning

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Impacted products: Tomcat, Debian, Fedora, HP-UX, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 11/08/2017.
Identifiers: bulletinoct2017, cpuapr2018, CVE-2017-7674, DLA-1400-1, DLA-1400-2, DSA-3974-1, FEDORA-2017-a00a087fd4, FEDORA-2017-ab0def38cd, HPESBUX03828, openSUSE-SU-2017:3069-1, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, USN-3519-1, VIGILANCE-VUL-23500.

Description of the vulnerability

An attacker can bypass access restrictions to data via Cache Poisoning of Apache Tomcat, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-5664

Apache Tomcat: error page tampering

Synthesis of the vulnerability

An attacker can trigger an HTTP error in Apache Tomcat, in order to corrupt the error page documents.
Impacted products: Tomcat, Blue Coat CAS, Debian, Fedora, HPE NNMi, HP-UX, Junos Space, MySQL Community, MySQL Enterprise, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Solaris, Tuxedo, WebLogic, Percona Server, RHEL, JBoss EAP by Red Hat, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data creation/edition.
Provenance: internet client.
Creation date: 06/06/2017.
Identifiers: bulletinjul2017, cpuapr2018, cpuapr2019, CVE-2017-5664, DLA-996-1, DSA-3891-1, DSA-3892-1, FEDORA-2017-63789c8c29, FEDORA-2017-e4638a345c, HPESBUX03828, JSA10838, KM03302206, openSUSE-SU-2017:3069-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:1809-01, RHSA-2017:2493-01, RHSA-2017:2494-01, RHSA-2017:2633-01, RHSA-2017:2635-01, RHSA-2017:2636-01, RHSA-2017:2637-01, RHSA-2017:2638-01, RHSA-2017:3080-01, RHSA-2017:3081-01, SA156, SUSE-SU-2017:3039-1, SUSE-SU-2017:3059-1, SUSE-SU-2017:3279-1, SUSE-SU-2018:1847-1, USN-3519-1, VIGILANCE-VUL-22907.

Description of the vulnerability

The Apache Tomcat product offers a web service.

HTTP error pages may be customized. However, when the page content is provided by a static document instead of a servlet output, Tomcat allows to tamper with this source document.

An attacker can therefore trigger an HTTP error in Apache Tomcat, in order to corrupt the error page documents.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-5648

Apache Tomcat: privilege escalation

Synthesis of the vulnerability

A local attacker can tamper with the data exchanged by applications hosted in one instance of Apache Tomcat.
Impacted products: Tomcat, Debian, Fedora, Snap Creator Framework, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 11/04/2017.
Identifiers: CERTFR-2017-AVI-116, CVE-2017-5648, DLA-924-1, DLA-924-2, DSA-3842-1, DSA-3843-1, FEDORA-2017-5261ba4605, FEDORA-2017-d5aa7c77d6, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2017:1292-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:1809-01, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1660-1, USN-3519-1, VIGILANCE-VUL-22401.

Description of the vulnerability

The Apache Tomcat is a web application server.

It may host several applications which must be isolated. However, an application can get handle objets to requests and responses for other applications, and so read their request or modify their response body.

A local attacker can therefore tamper with the data exchanged by applications hosted in one instance of Apache Tomcat.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-5650 CVE-2017-5651

Apache Tomcat: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Tomcat.
Impacted products: Tomcat, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Snap Creator Framework, Percona Server.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/04/2017.
Identifiers: CERTFR-2017-AVI-116, cpujul2017, CVE-2017-5650, CVE-2017-5651, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, VIGILANCE-VUL-22395.

Description of the vulnerability

Several vulnerabilities were announced in Apache Tomcat.

An attacker can make the server send to him the response of a not related request. [severity:3/4; CVE-2017-5651]

An attacker can send HTTP/2 requests which will block all server threads, in order to trigger a denial of service. [severity:3/4; CVE-2017-5650]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-5647

Apache Tomcat: information disclosure via response exchanges

Synthesis of the vulnerability

An attacker can send a burst of HTTP 1.1 request to Apache Tomcat, in order to get sensitive information.
Impacted products: Tomcat, Blue Coat CAS, Debian, Fedora, MariaDB ~ precise, ePO, MySQL Community, MySQL Enterprise, Snap Creator Framework, openSUSE Leap, Solaris, Percona Server, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Ubuntu.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 11/04/2017.
Identifiers: bulletinapr2017, cpujul2017, CVE-2017-5647, DLA-924-1, DLA-924-2, DSA-3842-1, DSA-3843-1, FEDORA-2017-5261ba4605, FEDORA-2017-d5aa7c77d6, NTAP-20180605-0001, NTAP-20180607-0001, NTAP-20180607-0002, NTAP-20180614-0001, openSUSE-SU-2017:1292-1, RHSA-2017:1801-01, RHSA-2017:1802-01, RHSA-2017:2493-01, RHSA-2017:2494-01, RHSA-2017:3080-01, RHSA-2017:3081-01, SA156, SB10199, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3519-1, VIGILANCE-VUL-22391.

Description of the vulnerability

The Apache Tomcat product includes an HTTP server.

In HTTP 1.1, the client may send several requests without waiting for the response to the first request. However, in some cases, the server mismatches the response body and the request, in such a way that a client may receive the response for another request. This vulnerability looks like the one described in VIGILANCE-VUL-21355.

An attacker can therefore send a burst of HTTP 1.1 request to Apache Tomcat, in order to get sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 22362

Apache Tomcat: directory traversal via config/version

Synthesis of the vulnerability

An attacker can traverse directories via config/version of Apache Tomcat, in order to read a file outside the service root path.
Impacted products: Tomcat.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 06/04/2017.
Identifiers: DC-2017-03-001, VIGILANCE-VUL-22362.

Description of the vulnerability

An attacker can traverse directories via config/version of Apache Tomcat, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Tomcat: