PT-2017-13184 · Apache+1 · Apache Tomcat+2

Published

2017-09-29

Updated

2017-10-05

CVE-2017-13990

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions ArcSight ESM versions prior to 6.9.1c Patch 4 ArcSight ESM versions prior to 6.11.0 Patch 1 ArcSight ESM Express versions prior to 6.9.1c Patch 4 ArcSight ESM Express versions prior to 6.11.0 Patch 1

Description An information leakage issue allows disclosure of the Apache Tomcat application server version.

Recommendations For ArcSight ESM versions prior to 6.9.1c Patch 4, update to 6.9.1c Patch 4 or later. For ArcSight ESM versions prior to 6.11.0 Patch 1, update to 6.11.0 Patch 1 or later. For ArcSight ESM Express versions prior to 6.9.1c Patch 4, update to 6.9.1c Patch 4 or later. For ArcSight ESM Express versions prior to 6.11.0 Patch 1, update to 6.11.0 Patch 1 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-13990

Affected Products

Apache Tomcat

Arcsight Esm

Arcsight Esm Express

PT-2017-13184 · Apache+1 · Apache Tomcat+2

CVE-2017-13990

Weakness Enumeration

Related Identifiers

Affected Products

References · 4