Lucene search

[email protected]NVD:CVE-2017-7675

HistoryAug 11, 2017 - 2:29 a.m.

CVE-2017-7675

2017-08-1102:29:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

54.9%

JSON

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Affected configurations

Nvd

Node

apachetomcatMatch8.5.0

apachetomcatMatch8.5.1

apachetomcatMatch8.5.2

apachetomcatMatch8.5.3

apachetomcatMatch8.5.4

apachetomcatMatch8.5.5

apachetomcatMatch8.5.6

apachetomcatMatch8.5.7

apachetomcatMatch8.5.8

apachetomcatMatch8.5.9

apachetomcatMatch8.5.10

apachetomcatMatch8.5.11

apachetomcatMatch8.5.12

apachetomcatMatch8.5.13

apachetomcatMatch8.5.14

apachetomcatMatch8.5.15

apachetomcatMatch9.0.0milestone1

apachetomcatMatch9.0.0milestone10

apachetomcatMatch9.0.0milestone11

apachetomcatMatch9.0.0milestone12

apachetomcatMatch9.0.0milestone13

apachetomcatMatch9.0.0milestone14

apachetomcatMatch9.0.0milestone15

apachetomcatMatch9.0.0milestone16

apachetomcatMatch9.0.0milestone17

apachetomcatMatch9.0.0milestone18

apachetomcatMatch9.0.0milestone19

apachetomcatMatch9.0.0milestone2

apachetomcatMatch9.0.0milestone20

apachetomcatMatch9.0.0milestone21

apachetomcatMatch9.0.0milestone3

apachetomcatMatch9.0.0milestone4

apachetomcatMatch9.0.0milestone5

apachetomcatMatch9.0.0milestone6

apachetomcatMatch9.0.0milestone7

apachetomcatMatch9.0.0milestone8

apachetomcatMatch9.0.0milestone9

VendorProductVersionCPE
apachetomcat8.5.0cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
apachetomcat8.5.1cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
apachetomcat8.5.2cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
apachetomcat8.5.3cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
apachetomcat8.5.4cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
apachetomcat8.5.5cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
apachetomcat8.5.6cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
apachetomcat8.5.7cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
apachetomcat8.5.8cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
apachetomcat8.5.9cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	8.5.0	cpe:2.3:a:apache:tomcat:8.5.0:::::::*
apache	tomcat	8.5.1	cpe:2.3:a:apache:tomcat:8.5.1:::::::*
apache	tomcat	8.5.2	cpe:2.3:a:apache:tomcat:8.5.2:::::::*
apache	tomcat	8.5.3	cpe:2.3:a:apache:tomcat:8.5.3:::::::*
apache	tomcat	8.5.4	cpe:2.3:a:apache:tomcat:8.5.4:::::::*
apache	tomcat	8.5.5	cpe:2.3:a:apache:tomcat:8.5.5:::::::*
apache	tomcat	8.5.6	cpe:2.3:a:apache:tomcat:8.5.6:::::::*
apache	tomcat	8.5.7	cpe:2.3:a:apache:tomcat:8.5.7:::::::*
apache	tomcat	8.5.8	cpe:2.3:a:apache:tomcat:8.5.8:::::::*
apache	tomcat	8.5.9	cpe:2.3:a:apache:tomcat:8.5.9:::::::*