7.5

CVE-2017-5664

EPSS 10.8%
Veröffentlicht 06.06.2017 14:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 41

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.0 Updatebeta

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.2 Updatebeta

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.4 Updatebeta

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version7.0.5 Updatebeta

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.7

Apache ≫ Tomcat Version7.0.8

Apache ≫ Tomcat Version7.0.9

Apache ≫ Tomcat Version7.0.10

Apache ≫ Tomcat Version7.0.11

Apache ≫ Tomcat Version7.0.12

Apache ≫ Tomcat Version7.0.13

Apache ≫ Tomcat Version7.0.14

Apache ≫ Tomcat Version7.0.15

Apache ≫ Tomcat Version7.0.16

Apache ≫ Tomcat Version7.0.17

Apache ≫ Tomcat Version7.0.18

Apache ≫ Tomcat Version7.0.19

Apache ≫ Tomcat Version7.0.20

Apache ≫ Tomcat Version7.0.21

Apache ≫ Tomcat Version7.0.22

Apache ≫ Tomcat Version7.0.23

Apache ≫ Tomcat Version7.0.24

Apache ≫ Tomcat Version7.0.25

Apache ≫ Tomcat Version7.0.26

Apache ≫ Tomcat Version7.0.27

Apache ≫ Tomcat Version7.0.28

Apache ≫ Tomcat Version7.0.29

Apache ≫ Tomcat Version7.0.30

Apache ≫ Tomcat Version7.0.31

Apache ≫ Tomcat Version7.0.32

Apache ≫ Tomcat Version7.0.33

Apache ≫ Tomcat Version7.0.34

Apache ≫ Tomcat Version7.0.35

Apache ≫ Tomcat Version7.0.36

Apache ≫ Tomcat Version7.0.37

Apache ≫ Tomcat Version7.0.38

Apache ≫ Tomcat Version7.0.39

Apache ≫ Tomcat Version7.0.40

Apache ≫ Tomcat Version7.0.41

Apache ≫ Tomcat Version7.0.42

Apache ≫ Tomcat Version7.0.43

Apache ≫ Tomcat Version7.0.44

Apache ≫ Tomcat Version7.0.45

Apache ≫ Tomcat Version7.0.46

Apache ≫ Tomcat Version7.0.47

Apache ≫ Tomcat Version7.0.48

Apache ≫ Tomcat Version7.0.49

Apache ≫ Tomcat Version7.0.50

Apache ≫ Tomcat Version7.0.51

Apache ≫ Tomcat Version7.0.54

Apache ≫ Tomcat Version7.0.55

Apache ≫ Tomcat Version7.0.56

Apache ≫ Tomcat Version7.0.57

Apache ≫ Tomcat Version7.0.58

Apache ≫ Tomcat Version7.0.59

Apache ≫ Tomcat Version7.0.60

Apache ≫ Tomcat Version7.0.61

Apache ≫ Tomcat Version7.0.62

Apache ≫ Tomcat Version7.0.63

Apache ≫ Tomcat Version7.0.64

Apache ≫ Tomcat Version7.0.65

Apache ≫ Tomcat Version7.0.66

Apache ≫ Tomcat Version7.0.67

Apache ≫ Tomcat Version7.0.68

Apache ≫ Tomcat Version7.0.69

Apache ≫ Tomcat Version7.0.70

Apache ≫ Tomcat Version7.0.71

Apache ≫ Tomcat Version7.0.72

Apache ≫ Tomcat Version7.0.73

Apache ≫ Tomcat Version7.0.74

Apache ≫ Tomcat Version7.0.75

Apache ≫ Tomcat Version7.0.76

Apache ≫ Tomcat Version7.0.77

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc10

Apache ≫ Tomcat Version8.0.0 Updaterc3

Apache ≫ Tomcat Version8.0.0 Updaterc5

Apache ≫ Tomcat Version8.0.1

Apache ≫ Tomcat Version8.0.2

Apache ≫ Tomcat Version8.0.3

Apache ≫ Tomcat Version8.0.4

Apache ≫ Tomcat Version8.0.5

Apache ≫ Tomcat Version8.0.6

Apache ≫ Tomcat Version8.0.7

Apache ≫ Tomcat Version8.0.9

Apache ≫ Tomcat Version8.0.10

Apache ≫ Tomcat Version8.0.11

Apache ≫ Tomcat Version8.0.12

Apache ≫ Tomcat Version8.0.13

Apache ≫ Tomcat Version8.0.14

Apache ≫ Tomcat Version8.0.15

Apache ≫ Tomcat Version8.0.16

Apache ≫ Tomcat Version8.0.17

Apache ≫ Tomcat Version8.0.18

Apache ≫ Tomcat Version8.0.19

Apache ≫ Tomcat Version8.0.20

Apache ≫ Tomcat Version8.0.21

Apache ≫ Tomcat Version8.0.22

Apache ≫ Tomcat Version8.0.23

Apache ≫ Tomcat Version8.0.24

Apache ≫ Tomcat Version8.0.25

Apache ≫ Tomcat Version8.0.26

Apache ≫ Tomcat Version8.0.27

Apache ≫ Tomcat Version8.0.28

Apache ≫ Tomcat Version8.0.29

Apache ≫ Tomcat Version8.0.30

Apache ≫ Tomcat Version8.0.31

Apache ≫ Tomcat Version8.0.32

Apache ≫ Tomcat Version8.0.33

Apache ≫ Tomcat Version8.0.34

Apache ≫ Tomcat Version8.0.35

Apache ≫ Tomcat Version8.0.36

Apache ≫ Tomcat Version8.0.37

Apache ≫ Tomcat Version8.0.38

Apache ≫ Tomcat Version8.0.39

Apache ≫ Tomcat Version8.0.40

Apache ≫ Tomcat Version8.0.41

Apache ≫ Tomcat Version8.0.42

Apache ≫ Tomcat Version8.0.43

Apache ≫ Tomcat Version8.5.0

Apache ≫ Tomcat Version8.5.1

Apache ≫ Tomcat Version8.5.2

Apache ≫ Tomcat Version8.5.3

Apache ≫ Tomcat Version8.5.4

Apache ≫ Tomcat Version8.5.5

Apache ≫ Tomcat Version8.5.6

Apache ≫ Tomcat Version8.5.7

Apache ≫ Tomcat Version8.5.8

Apache ≫ Tomcat Version8.5.9

Apache ≫ Tomcat Version8.5.10

Apache ≫ Tomcat Version8.5.11

Apache ≫ Tomcat Version8.5.12

Apache ≫ Tomcat Version8.5.13

Apache ≫ Tomcat Version8.5.14

Apache ≫ Tomcat Version9.0.0 Updatemilestone1

Apache ≫ Tomcat Version9.0.0 Updatemilestone10

Apache ≫ Tomcat Version9.0.0 Updatemilestone11

Apache ≫ Tomcat Version9.0.0 Updatemilestone12

Apache ≫ Tomcat Version9.0.0 Updatemilestone13

Apache ≫ Tomcat Version9.0.0 Updatemilestone14

Apache ≫ Tomcat Version9.0.0 Updatemilestone15

Apache ≫ Tomcat Version9.0.0 Updatemilestone16

Apache ≫ Tomcat Version9.0.0 Updatemilestone17

Apache ≫ Tomcat Version9.0.0 Updatemilestone18

Apache ≫ Tomcat Version9.0.0 Updatemilestone19

Apache ≫ Tomcat Version9.0.0 Updatemilestone2

Apache ≫ Tomcat Version9.0.0 Updatemilestone20

Apache ≫ Tomcat Version9.0.0 Updatemilestone3

Apache ≫ Tomcat Version9.0.0 Updatemilestone4

Apache ≫ Tomcat Version9.0.0 Updatemilestone5

Apache ≫ Tomcat Version9.0.0 Updatemilestone6

Apache ≫ Tomcat Version9.0.0 Updatemilestone7

Apache ≫ Tomcat Version9.0.0 Updatemilestone8

Apache ≫ Tomcat Version9.0.0 Updatemilestone9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.8%	0.931

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:2493

https://access.redhat.com/errata/RHSA-2017:2494

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

https://access.redhat.com/errata/RHSA-2017:3080

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://access.redhat.com/errata/RHSA-2017:1809

https://access.redhat.com/errata/RHSA-2017:2633

https://access.redhat.com/errata/RHSA-2017:2635

https://access.redhat.com/errata/RHSA-2017:2636

https://access.redhat.com/errata/RHSA-2017:2637

https://access.redhat.com/errata/RHSA-2017:2638

https://security.netapp.com/advisory/ntap-20171019-0002/

http://www.debian.org/security/2017/dsa-3891

http://www.debian.org/security/2017/dsa-3892

http://www.securityfocus.com/bid/98888

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038641

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

https://nvd.nist.gov/vuln/detail/CVE-2017-5664

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5664

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5664

EUVD