CVE-2017-7675 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	8.5.0
apache	tomcat	8.5.1
apache	tomcat	8.5.2
apache	tomcat	8.5.3
apache	tomcat	8.5.4
apache	tomcat	8.5.5
apache	tomcat	8.5.6
apache	tomcat	8.5.7
apache	tomcat	8.5.8
apache	tomcat	8.5.9
apache	tomcat	8.5.10
apache	tomcat	8.5.11
apache	tomcat	8.5.12
apache	tomcat	8.5.13
apache	tomcat	8.5.14
apache	tomcat	8.5.15
apache	tomcat	9.0.0:milestone1
apache	tomcat	9.0.0:milestone10
apache	tomcat	9.0.0:milestone11
apache	tomcat	9.0.0:milestone12
apache	tomcat	9.0.0:milestone13
apache	tomcat	9.0.0:milestone14
apache	tomcat	9.0.0:milestone15
apache	tomcat	9.0.0:milestone16
apache	tomcat	9.0.0:milestone17
apache	tomcat	9.0.0:milestone18
apache	tomcat	9.0.0:milestone19
apache	tomcat	9.0.0:milestone2
apache	tomcat	9.0.0:milestone20
apache	tomcat	9.0.0:milestone21
apache	tomcat	9.0.0:milestone3
apache	tomcat	9.0.0:milestone4
apache	tomcat	9.0.0:milestone5
apache	tomcat	9.0.0:milestone6
apache	tomcat	9.0.0:milestone7
apache	tomcat	9.0.0:milestone8
apache	tomcat	9.0.0:milestone9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat9

bookworm	9.0.70-2 fixed
bullseye	9.0.43-2~deb11u10 fixed
bullseye (security)	9.0.43-2~deb11u10 fixed
jessie	not-affected
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat7

trusty	not-affected
xenial	not-affected
zesty	not-affected

tomcat8

trusty	dne
xenial	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.debian.org/security/2017/dsa-3974

http://www.securityfocus.com/bid/100256

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

https://security.netapp.com/advisory/ntap-20180614-0003/

http://www.debian.org/security/2017/dsa-3974

http://www.securityfocus.com/bid/100256

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5f8ab8a02f3610bd56ea2b0d69af25cbde451d79c46276c350e05a15%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

https://security.netapp.com/advisory/ntap-20180614-0003/