Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2017-7675
First vendor Publication : 2017-08-10
Vendor : Cve
Last vendor Modification : 2019-06-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score : 5
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7675

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-22
Name : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type : Application - Count : 37

Nessus® Vulnerability Scanner

Date  Description
2017-09-18  Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3974.nasl - Type : ACT_GATHER_INFO
2017-08-18  Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_5_16.nasl - Type : ACT_GATHER_INFO
2017-08-18  Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_9_0_0_M22.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source  Url
BID http://www.securityfocus.com/bid/100256
CONFIRM https://security.netapp.com/advisory/ntap-20180614-0003/
DEBIAN http://www.debian.org/security/2017/dsa-3974
MLIST https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba...
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e21...
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3...
https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79...
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba14...
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ff...
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a904...
https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7...
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df...
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8b...

Alert History

Date  Information
2019-06-12 21:19:19
  • Multiple Updates
2019-04-15 21:18:59
  • Multiple Updates
2019-04-15 17:18:45
  • Multiple Updates
2019-03-25 17:19:01
  • Multiple Updates
2019-03-21 21:19:13
  • Multiple Updates
2018-06-16 09:19:32
  • Multiple Updates
2017-11-04 09:24:00
  • Multiple Updates
2017-09-19 13:25:08
  • Multiple Updates
2017-08-24 21:23:48
  • Multiple Updates
2017-08-19 13:24:47
  • Multiple Updates
2017-08-12 09:23:20
  • Multiple Updates
2017-08-11 09:23:20
  • First insertion