9.1

CVE-2017-5648

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Data is provided by the National Vulnerability Database (NVD)
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.5
ApacheTomcat Version7.0.6
ApacheTomcat Version7.0.7
ApacheTomcat Version7.0.8
ApacheTomcat Version7.0.9
ApacheTomcat Version7.0.10
ApacheTomcat Version7.0.11
ApacheTomcat Version7.0.12
ApacheTomcat Version7.0.13
ApacheTomcat Version7.0.14
ApacheTomcat Version7.0.15
ApacheTomcat Version7.0.16
ApacheTomcat Version7.0.17
ApacheTomcat Version7.0.18
ApacheTomcat Version7.0.19
ApacheTomcat Version7.0.20
ApacheTomcat Version7.0.21
ApacheTomcat Version7.0.22
ApacheTomcat Version7.0.23
ApacheTomcat Version7.0.24
ApacheTomcat Version7.0.25
ApacheTomcat Version7.0.26
ApacheTomcat Version7.0.27
ApacheTomcat Version7.0.28
ApacheTomcat Version7.0.29
ApacheTomcat Version7.0.30
ApacheTomcat Version7.0.31
ApacheTomcat Version7.0.32
ApacheTomcat Version7.0.33
ApacheTomcat Version7.0.34
ApacheTomcat Version7.0.35
ApacheTomcat Version7.0.36
ApacheTomcat Version7.0.37
ApacheTomcat Version7.0.38
ApacheTomcat Version7.0.39
ApacheTomcat Version7.0.40
ApacheTomcat Version7.0.41
ApacheTomcat Version7.0.42
ApacheTomcat Version7.0.43
ApacheTomcat Version7.0.44
ApacheTomcat Version7.0.45
ApacheTomcat Version7.0.46
ApacheTomcat Version7.0.47
ApacheTomcat Version7.0.48
ApacheTomcat Version7.0.49
ApacheTomcat Version7.0.50
ApacheTomcat Version7.0.51
ApacheTomcat Version7.0.52
ApacheTomcat Version7.0.53
ApacheTomcat Version7.0.54
ApacheTomcat Version7.0.55
ApacheTomcat Version7.0.56
ApacheTomcat Version7.0.57
ApacheTomcat Version7.0.58
ApacheTomcat Version7.0.59
ApacheTomcat Version7.0.60
ApacheTomcat Version7.0.61
ApacheTomcat Version7.0.62
ApacheTomcat Version7.0.63
ApacheTomcat Version7.0.64
ApacheTomcat Version7.0.65
ApacheTomcat Version7.0.66
ApacheTomcat Version7.0.67
ApacheTomcat Version7.0.68
ApacheTomcat Version7.0.69
ApacheTomcat Version7.0.70
ApacheTomcat Version7.0.71
ApacheTomcat Version7.0.72
ApacheTomcat Version7.0.73
ApacheTomcat Version7.0.74
ApacheTomcat Version7.0.75
ApacheTomcat Version8.0.0
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.1
ApacheTomcat Version8.0.2
ApacheTomcat Version8.0.3
ApacheTomcat Version8.0.4
ApacheTomcat Version8.0.5
ApacheTomcat Version8.0.6
ApacheTomcat Version8.0.7
ApacheTomcat Version8.0.8
ApacheTomcat Version8.0.9
ApacheTomcat Version8.0.10
ApacheTomcat Version8.0.11
ApacheTomcat Version8.0.12
ApacheTomcat Version8.0.13
ApacheTomcat Version8.0.14
ApacheTomcat Version8.0.15
ApacheTomcat Version8.0.16
ApacheTomcat Version8.0.17
ApacheTomcat Version8.0.18
ApacheTomcat Version8.0.19
ApacheTomcat Version8.0.20
ApacheTomcat Version8.0.21
ApacheTomcat Version8.0.22
ApacheTomcat Version8.0.23
ApacheTomcat Version8.0.24
ApacheTomcat Version8.0.25
ApacheTomcat Version8.0.26
ApacheTomcat Version8.0.27
ApacheTomcat Version8.0.28
ApacheTomcat Version8.0.29
ApacheTomcat Version8.0.30
ApacheTomcat Version8.0.31
ApacheTomcat Version8.0.32
ApacheTomcat Version8.0.33
ApacheTomcat Version8.0.34
ApacheTomcat Version8.0.35
ApacheTomcat Version8.0.36
ApacheTomcat Version8.0.37
ApacheTomcat Version8.0.38
ApacheTomcat Version8.0.39
ApacheTomcat Version8.0.40
ApacheTomcat Version8.0.41
ApacheTomcat Version8.5.0
ApacheTomcat Version8.5.1
ApacheTomcat Version8.5.2
ApacheTomcat Version8.5.3
ApacheTomcat Version8.5.4
ApacheTomcat Version8.5.5
ApacheTomcat Version8.5.6
ApacheTomcat Version8.5.7
ApacheTomcat Version8.5.8
ApacheTomcat Version8.5.9
ApacheTomcat Version8.5.10
ApacheTomcat Version8.5.11
ApacheTomcat Version9.0.0 Updatemilestone1
ApacheTomcat Version9.0.0 Updatemilestone10
ApacheTomcat Version9.0.0 Updatemilestone11
ApacheTomcat Version9.0.0 Updatemilestone12
ApacheTomcat Version9.0.0 Updatemilestone13
ApacheTomcat Version9.0.0 Updatemilestone14
ApacheTomcat Version9.0.0 Updatemilestone15
ApacheTomcat Version9.0.0 Updatemilestone16
ApacheTomcat Version9.0.0 Updatemilestone17
ApacheTomcat Version9.0.0 Updatemilestone2
ApacheTomcat Version9.0.0 Updatemilestone3
ApacheTomcat Version9.0.0 Updatemilestone4
ApacheTomcat Version9.0.0 Updatemilestone5
ApacheTomcat Version9.0.0 Updatemilestone6
ApacheTomcat Version9.0.0 Updatemilestone7
ApacheTomcat Version9.0.0 Updatemilestone8
ApacheTomcat Version9.0.0 Updatemilestone9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 6.46% 0.907
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

http://www.securityfocus.com/bid/97530
Third Party Advisory
VDB Entry