Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Open source implementation of the Java Servlet 3.1 and JavaServer Pages 2.3 technologies
Version 8.5.41-1 [extra]


Group Affected Fixed Severity Status Ticket
AVG-291 8.0.42-1 8.0.44-1 High Fixed
AVG-25 8.0.36-1 8.0.37-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2017-5664 AVG-291 High Yes Access restriction bypass
A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44. The error page mechanism of the Java Servlet Specification requires that, when an...
CVE-2016-5388 AVG-25 Medium Yes Proxy injection
It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which...


Date Advisory Group Severity Description
06 Jun 2017 ASA-201706-7 AVG-291 High access restriction bypass
07 Sep 2016 ASA-201609-7 AVG-25 Medium proxy injection