The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
References
Configurations
Configuration 1 (hide)
|
History
08 Dec 2023, 16:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:* |
cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:* |
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-08-11 02:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-7675
Mitre link : CVE-2017-7675
CVE.ORG link : CVE-2017-7675
JSON object : View
Products Affected
apache
- tomcat
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')