Vulnerability Name:

CVE-2017-5664

Assigned:2017-01-29
Published:2017-06-06
Updated:2018-01-18
Summary:The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
CVSS v3 Severity:7.5 High (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
5.7 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
7.5 High (REDHAT CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (REDHAT Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-254
CWE-501
References:Source: DEBIAN
Type: UNKNOWN
DSA-3891

Source: DEBIAN
Type: UNKNOWN
DSA-3892

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: BID
Type: VENDOR_ADVISORY
98888

Source: SECTRACK
Type: UNKNOWN
1038641

Source: REDHAT
Type: UNKNOWN
RHSA-2017:1801

Source: REDHAT
Type: UNKNOWN
RHSA-2017:1802

Source: REDHAT
Type: UNKNOWN
RHSA-2017:1809

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2493

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2494

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2633

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2635

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2636

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2637

Source: REDHAT
Type: UNKNOWN
RHSA-2017:2638

Source: REDHAT
Type: UNKNOWN
RHSA-2017:3080

Source: XF
Type: UNKNOWN
apache-tomcat-cve20175664-sec-bypass(126962)

Source: MLIST
Type: VENDOR_ADVISORY
[tomcat-users] 20170606 [SECURITY] CVE-2017-5664 Apache Tomcat Security Constraint Bypass

Source: CONFIRM
Type: UNKNOWN
https://security.netapp.com/advisory/ntap-20171019-0002/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.71:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.72:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.73:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.74:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.75:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.76:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:7.0.77:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0.43:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.5.14:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:8.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:algo_one:4.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:algo_one:5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:algo_one:4.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_test_workbench:8.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_test_workbench:8.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_test_workbench:8.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_test_workbench:8.5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:integration_bus:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:algo_one:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:3.2.8.2223:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:3.3.4.3247:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql_enterprise_monitor:3.4.2.4181:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20175664
    V
    CVE-2017-5664
    2018-01-23
    oval:com.redhat.rhsa:def:20173080
    P
    RHSA-2017:3080: tomcat6 security update (Important)
    2017-10-29
    oval:com.redhat.rhsa:def:20171809
    P
    RHSA-2017:1809: tomcat security update (Important)
    2017-07-27
    oval:com.ubuntu.trusty:def:20175664000
    V
    CVE-2017-5664 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-06-06
    oval:com.ubuntu.xenial:def:20175664000
    V
    CVE-2017-5664 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-06-06
    BACK
    apache tomcat 7.0.0
    apache tomcat 7.0.0 beta
    apache tomcat 7.0.1
    apache tomcat 7.0.2
    apache tomcat 7.0.2 beta
    apache tomcat 7.0.3
    apache tomcat 7.0.4
    apache tomcat 7.0.4 beta
    apache tomcat 7.0.5
    apache tomcat 7.0.5 beta
    apache tomcat 7.0.6
    apache tomcat 7.0.7
    apache tomcat 7.0.8
    apache tomcat 7.0.9
    apache tomcat 7.0.10
    apache tomcat 7.0.11
    apache tomcat 7.0.12
    apache tomcat 7.0.13
    apache tomcat 7.0.14
    apache tomcat 7.0.15
    apache tomcat 7.0.16
    apache tomcat 7.0.17
    apache tomcat 7.0.18
    apache tomcat 7.0.19
    apache tomcat 7.0.20
    apache tomcat 7.0.21
    apache tomcat 7.0.22
    apache tomcat 7.0.23
    apache tomcat 7.0.24
    apache tomcat 7.0.25
    apache tomcat 7.0.26
    apache tomcat 7.0.27
    apache tomcat 7.0.28
    apache tomcat 7.0.29
    apache tomcat 7.0.30
    apache tomcat 7.0.31
    apache tomcat 7.0.32
    apache tomcat 7.0.33
    apache tomcat 7.0.34
    apache tomcat 7.0.35
    apache tomcat 7.0.36
    apache tomcat 7.0.37
    apache tomcat 7.0.38
    apache tomcat 7.0.39
    apache tomcat 7.0.40
    apache tomcat 7.0.41
    apache tomcat 7.0.42
    apache tomcat 7.0.43
    apache tomcat 7.0.44
    apache tomcat 7.0.45
    apache tomcat 7.0.46
    apache tomcat 7.0.47
    apache tomcat 7.0.48
    apache tomcat 7.0.49
    apache tomcat 7.0.50
    apache tomcat 7.0.51
    apache tomcat 7.0.54
    apache tomcat 7.0.55
    apache tomcat 7.0.56
    apache tomcat 7.0.57
    apache tomcat 7.0.58
    apache tomcat 7.0.59
    apache tomcat 7.0.60
    apache tomcat 7.0.61
    apache tomcat 7.0.62
    apache tomcat 7.0.63
    apache tomcat 7.0.64
    apache tomcat 7.0.65
    apache tomcat 7.0.66
    apache tomcat 7.0.67
    apache tomcat 7.0.68
    apache tomcat 7.0.69
    apache tomcat 7.0.70
    apache tomcat 7.0.71
    apache tomcat 7.0.72
    apache tomcat 7.0.73
    apache tomcat 7.0.74
    apache tomcat 7.0.75
    apache tomcat 7.0.76
    apache tomcat 7.0.77
    apache tomcat 8.0.0 rc1
    apache tomcat 8.0.0 rc10
    apache tomcat 8.0.0 rc3
    apache tomcat 8.0.0 rc5
    apache tomcat 8.0.1
    apache tomcat 8.0.2
    apache tomcat 8.0.3
    apache tomcat 8.0.4
    apache tomcat 8.0.5
    apache tomcat 8.0.6
    apache tomcat 8.0.7
    apache tomcat 8.0.9
    apache tomcat 8.0.10
    apache tomcat 8.0.11
    apache tomcat 8.0.12
    apache tomcat 8.0.13
    apache tomcat 8.0.14
    apache tomcat 8.0.15
    apache tomcat 8.0.16
    apache tomcat 8.0.17
    apache tomcat 8.0.18
    apache tomcat 8.0.19
    apache tomcat 8.0.20
    apache tomcat 8.0.21
    apache tomcat 8.0.22
    apache tomcat 8.0.23
    apache tomcat 8.0.24
    apache tomcat 8.0.25
    apache tomcat 8.0.26
    apache tomcat 8.0.27
    apache tomcat 8.0.28
    apache tomcat 8.0.29
    apache tomcat 8.0.30
    apache tomcat 8.0.31
    apache tomcat 8.0.32
    apache tomcat 8.0.33
    apache tomcat 8.0.34
    apache tomcat 8.0.35
    apache tomcat 8.0.36
    apache tomcat 8.0.37
    apache tomcat 8.0.38
    apache tomcat 8.0.39
    apache tomcat 8.0.40
    apache tomcat 8.0.41
    apache tomcat 8.0.42
    apache tomcat 8.0.43
    apache tomcat 8.5.0
    apache tomcat 8.5.1
    apache tomcat 8.5.2
    apache tomcat 8.5.3
    apache tomcat 8.5.4
    apache tomcat 8.5.5
    apache tomcat 8.5.6
    apache tomcat 8.5.7
    apache tomcat 8.5.8
    apache tomcat 8.5.9
    apache tomcat 8.5.10
    apache tomcat 8.5.11
    apache tomcat 8.5.12
    apache tomcat 8.5.13
    apache tomcat 8.5.14
    apache tomcat 9.0.0 m1
    apache tomcat 9.0.0 m10
    apache tomcat 9.0.0 m11
    apache tomcat 9.0.0 m12
    apache tomcat 9.0.0 m13
    apache tomcat 9.0.0 m14
    apache tomcat 9.0.0 m15
    apache tomcat 9.0.0 m16
    apache tomcat 9.0.0 m17
    apache tomcat 9.0.0 m18
    apache tomcat 9.0.0 m19
    apache tomcat 9.0.0 m2
    apache tomcat 9.0.0 m20
    apache tomcat 9.0.0 m3
    apache tomcat 9.0.0 m4
    apache tomcat 9.0.0 m5
    apache tomcat 9.0.0 m6
    apache tomcat 9.0.0 m7
    apache tomcat 9.0.0 m8
    apache tomcat 9.0.0 m9
    redhat enterprise_linux 7
    redhat enterprise_linux 6