tomcat7

Description: Open source implementation of the Java Servlet 3.0 and JavaServer Pages 2.2 technologies
Version: 7.0.82-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-409 | 7.0.80-1 | | High | Not affected | |
| AVG-408 | 7.0.80-1 | 7.0.81-1 | Medium | Fixed | |
| AVG-290 | 7.0.76-1 | 7.0.78-1 | High | Fixed | |
| AVG-23 | 7.0.70-1 | 7.0.72-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-5664 | AVG-290 | High | Yes | Access restriction bypass | A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44. The error page mechanism of the Java Servlet Specification requires that, when an... |
| CVE-2017-12616 | AVG-408 | Medium | Yes | Information disclosure | It has been discovered that tomcat version 7.0.80 and before are vulnerable to information disclosure. When using a VirtualDirContext it was possible to... |
| CVE-2017-12615 | AVG-409 | High | Yes | Arbitrary code execution | It has been discovered that tomcat version 7.0.80 and before are vulnerable to arbitrary code execution on Windows systems. When running Windows with HTTP... |
| CVE-2016-5388 | AVG-23 | Medium | Yes | Proxy injection | It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 19 Sep 2017 | ASA-201709-17 | AVG-408 | Medium | information disclosure |
| 06 Jun 2017 | ASA-201706-6 | AVG-290 | High | access restriction bypass |
| 22 Sep 2016 | ASA-201609-21 | AVG-23 | Medium | proxy injection |