PT-2017-14152 · Apache+3 · Apache Tomcat+3
Published
2017-11-30
·
Updated
2023-12-08
·
CVE-2017-15706
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 9.0.0.M22 through 9.0.1
Apache Tomcat versions 8.5.16 through 8.5.23
Apache Tomcat versions 8.0.45 through 8.0.47
Apache Tomcat versions 7.0.79 through 7.0.82
Description
The issue concerns the documentation of the search algorithm used by the CGI Servlet in Apache Tomcat. An update to this documentation was incorrect, which may have caused some scripts to fail execution as expected, while others may have been executed unexpectedly. However, the actual behavior of the CGI servlet has not changed, only its documentation was incorrect and has been corrected.
Recommendations
For Apache Tomcat versions 9.0.0.M22 through 9.0.1, update the documentation to reflect the correct search algorithm used by the CGI Servlet.
For Apache Tomcat versions 8.5.16 through 8.5.23, update the documentation to reflect the correct search algorithm used by the CGI Servlet.
For Apache Tomcat versions 8.0.45 through 8.0.47, update the documentation to reflect the correct search algorithm used by the CGI Servlet.
For Apache Tomcat versions 7.0.79 through 7.0.82, update the documentation to reflect the correct search algorithm used by the CGI Servlet.
Exploit
Fix
Improperly Implemented Security Check for Standard
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Apache Tomcat
Suse
Ubuntu