Vulnerability CVE-2017-5664 - CERT Civis.Net

Vulnerability Name:

CVE-2017-5664

Assigned:

2017-06-06

Published:

2017-06-06

Updated:

2018-05-09

Summary:

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

CVSS v3 Severity:

7.5 High (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

6.5 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
5.7 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

7.5 High (REDHAT CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (REDHAT Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-254
CWE-266

References:

Source: DEBIAN
Type: UNKNOWN
DSA-3891

Source: DEBIAN
Type: UNKNOWN
DSA-3892

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: BID
Type: VENDOR_ADVISORY
98888

Source: SECTRACK
Type: UNKNOWN
1038641

Source: REDHAT
Type: UNKNOWN
RHSA-2017:1801

Source: REDHAT
Type: UNKNOWN
RHSA-2017:1802

Source: REDHAT
Type: UNKNOWN
RHSA-2017:1809

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2493

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2494

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2633

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2635

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2636

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2637

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2638

Source: REDHAT
Type: UNKNOWN
RHSA-2017:3080

Source: XF
Type: UNKNOWN
apache-tomcat-cve20175664-sec-bypass(126962)

Source: MLIST
Type: VENDOR_ADVISORY
[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20171019-0002/

Source: CONFIRM
Type: UNKNOWN
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.47:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.48:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.49:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.50:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.51:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.54:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.55:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.56:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.57:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.58:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.59:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.60:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.61:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.63:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.64:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.65:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.66:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.67:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.68:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.69:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.70:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.71:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.72:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.73:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.74:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.75:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.76:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:7.0.77:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.14:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.15:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.16:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.17:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.18:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.19:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.20:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.21:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.22:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.23:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.24:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.25:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.26:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.27:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.28:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.29:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.30:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.31:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.32:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.33:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.34:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.35:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.36:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.37:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.38:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.39:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.40:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.41:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.42:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0.43:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:apache:tomcat:8.5.0:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.1:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.2:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.3:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.4:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.5:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.6:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.8:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.9:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.10:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.11:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.12:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.13:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.5.14:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:tomcat:7.0.62:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_bus:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_one:4.9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_one:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_one:4.9.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_test_workbench:8.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:agile_engineering_data_management:6.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_bus:10.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:algo_one:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:agile_engineering_data_management:6.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql_enterprise_monitor:3.2.8.2223:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*

OR cpe:/a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*

OR cpe:/a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*

OR cpe:/a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium_big_data_intelligence:3.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20175664	V	CVE-2017-5664	2018-07-17
oval:com.redhat.rhsa:def:20173080	P	RHSA-2017:3080: tomcat6 security update (Important)	2017-10-29
oval:com.redhat.rhsa:def:20171809	P	RHSA-2017:1809: tomcat security update (Important)	2017-07-27
oval:com.ubuntu.trusty:def:20175664000	V	CVE-2017-5664 on Ubuntu 14.04 LTS (trusty) - medium.	2017-06-06
oval:com.ubuntu.artful:def:20175664000	V	CVE-2017-5664 on Ubuntu 17.10 (artful) - medium.	2017-06-06
oval:com.ubuntu.xenial:def:20175664000	V	CVE-2017-5664 on Ubuntu 16.04 LTS (xenial) - medium.	2017-06-06