CVE-2017-7674 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	7.0.41
apache	tomcat	7.0.42
apache	tomcat	7.0.43
apache	tomcat	7.0.44
apache	tomcat	7.0.45
apache	tomcat	7.0.46
apache	tomcat	7.0.47
apache	tomcat	7.0.48
apache	tomcat	7.0.49
apache	tomcat	7.0.50
apache	tomcat	7.0.52
apache	tomcat	7.0.53
apache	tomcat	7.0.54
apache	tomcat	7.0.55
apache	tomcat	7.0.56
apache	tomcat	7.0.57
apache	tomcat	7.0.58
apache	tomcat	7.0.59
apache	tomcat	7.0.60
apache	tomcat	7.0.61
apache	tomcat	7.0.62
apache	tomcat	7.0.63
apache	tomcat	7.0.64
apache	tomcat	7.0.65
apache	tomcat	7.0.66
apache	tomcat	7.0.67
apache	tomcat	7.0.68
apache	tomcat	7.0.69
apache	tomcat	7.0.70
apache	tomcat	7.0.71
apache	tomcat	7.0.72
apache	tomcat	7.0.73
apache	tomcat	7.0.74
apache	tomcat	7.0.75
apache	tomcat	7.0.76
apache	tomcat	7.0.77
apache	tomcat	7.0.78
apache	tomcat	8.0
apache	tomcat	8.0.0:rc1
apache	tomcat	8.0.0:rc10
apache	tomcat	8.0.0:rc3
apache	tomcat	8.0.0:rc5
apache	tomcat	8.0.1
apache	tomcat	8.0.2
apache	tomcat	8.0.3
apache	tomcat	8.0.4
apache	tomcat	8.0.5
apache	tomcat	8.0.6
apache	tomcat	8.0.7
apache	tomcat	8.0.8
apache	tomcat	8.0.9
apache	tomcat	8.0.10
apache	tomcat	8.0.11
apache	tomcat	8.0.12
apache	tomcat	8.0.13
apache	tomcat	8.0.14
apache	tomcat	8.0.15
apache	tomcat	8.0.16
apache	tomcat	8.0.17
apache	tomcat	8.0.18
apache	tomcat	8.0.19
apache	tomcat	8.0.20
apache	tomcat	8.0.21
apache	tomcat	8.0.22
apache	tomcat	8.0.23
apache	tomcat	8.0.24
apache	tomcat	8.0.25
apache	tomcat	8.0.26
apache	tomcat	8.0.27
apache	tomcat	8.0.28
apache	tomcat	8.0.29
apache	tomcat	8.0.30
apache	tomcat	8.0.31
apache	tomcat	8.0.32
apache	tomcat	8.0.33
apache	tomcat	8.0.34
apache	tomcat	8.0.35
apache	tomcat	8.0.36
apache	tomcat	8.0.37
apache	tomcat	8.0.38
apache	tomcat	8.0.39
apache	tomcat	8.0.40
apache	tomcat	8.0.41
apache	tomcat	8.0.42
apache	tomcat	8.0.43
apache	tomcat	8.0.44
apache	tomcat	8.5.0
apache	tomcat	8.5.1
apache	tomcat	8.5.2
apache	tomcat	8.5.3
apache	tomcat	8.5.4
apache	tomcat	8.5.5
apache	tomcat	8.5.6
apache	tomcat	8.5.7
apache	tomcat	8.5.8
apache	tomcat	8.5.9
apache	tomcat	8.5.10
apache	tomcat	8.5.11
apache	tomcat	8.5.12
apache	tomcat	8.5.13
apache	tomcat	8.5.14
apache	tomcat	8.5.15
apache	tomcat	9.0.0:milestone1
apache	tomcat	9.0.0:milestone10
apache	tomcat	9.0.0:milestone11
apache	tomcat	9.0.0:milestone12
apache	tomcat	9.0.0:milestone13
apache	tomcat	9.0.0:milestone14
apache	tomcat	9.0.0:milestone15
apache	tomcat	9.0.0:milestone16
apache	tomcat	9.0.0:milestone17
apache	tomcat	9.0.0:milestone18
apache	tomcat	9.0.0:milestone19
apache	tomcat	9.0.0:milestone2
apache	tomcat	9.0.0:milestone20
apache	tomcat	9.0.0:milestone21
apache	tomcat	9.0.0:milestone3
apache	tomcat	9.0.0:milestone4
apache	tomcat	9.0.0:milestone5
apache	tomcat	9.0.0:milestone6
apache	tomcat	9.0.0:milestone7
apache	tomcat	9.0.0:milestone8
apache	tomcat	9.0.0:milestone9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

tomcat7

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
mantic	dne
noble	dne
trusty	Fixed 7.0.52-1ubuntu0.13 released
xenial	needed
zesty	ignored

tomcat8

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	dne
eoan	dne
focal	dne
groovy	dne
hirsute	dne
impish	dne
jammy	dne
mantic	dne
noble	dne
trusty	dne
xenial	Fixed 8.0.32-1ubuntu1.5 released
zesty	Fixed 8.0.38-2ubuntu2.2 released