PT-2017-2776 · Apache · Apache Tomcat

Published: 2017-04-11 · Updated: 2023-12-08 · CVE-2017-7675

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 8.5.0 through 8.5.15
Apache Tomcat versions 9.0.0.M1 through 9.0.0.M21

Description

The issue is related to the HTTP/2 implementation in Apache Tomcat, which bypassed security checks, allowing directory traversal attacks. This could be exploited by a remote attacker using a specially crafted URL to bypass security constraints.

Recommendations

For Apache Tomcat versions 8.5.0 through 8.5.15, update to a version that includes the security fix for this issue.
For Apache Tomcat versions 9.0.0.M1 through 9.0.0.M21, update to a version that includes the security fix for this issue.
As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2017-02034
CVE-2017-7675
DSA-3974-1
GHSA-68G5-8Q7F-M384

Affected Products

Apache Tomcat