CVE-2017-5648

CRITICAL

Apache Tomcat < 9.0.0.M18 - Exposure to Wrong Actor

Title source: rule

Description

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

References (21)

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3842

[Third Party Advisory] http://www.debian.org/security/2017/dsa-3843

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97530

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038220

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:1801

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20180614-0001/

[Third Party Advisory] https://security.gentoo.org/glsa/201705-09

[Mailing List] http://www.openwall.com/lists/oss-security/2020/07/20/8

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:1802

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:1809

[Mailing List] https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

... and 1 more

Scores

CVSS v3 9.1

EPSS 0.2441

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-668

Status draft

Affected Products (50)

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

... and 35 more

Timeline

Published Apr 17, 2017

Tracked Since Feb 18, 2026