PT-2017-2776 · Apache · Apache Tomcat

Published

2017-04-11

Updated

2023-12-08

CVE-2017-7675

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.0 through 8.5.15 Apache Tomcat versions 9.0.0.M1 through 9.0.0.M21

Description The issue is related to the HTTP/2 implementation in Apache Tomcat, which bypassed security checks, allowing directory traversal attacks. This could be exploited by a remote attacker using a specially crafted URL to bypass security constraints.

Recommendations For Apache Tomcat versions 8.5.0 through 8.5.15, update to a version that includes the security fix for this issue. For Apache Tomcat versions 9.0.0.M1 through 9.0.0.M21, update to a version that includes the security fix for this issue. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2017-02034

CVE-2017-7675

DSA-3974-1

GHSA-68G5-8Q7F-M384

Affected Products

Apache Tomcat

PT-2017-2776 · Apache · Apache Tomcat

CVE-2017-7675

Weakness Enumeration

Related Identifiers

Affected Products

References · 42