Описание
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | released | 6.0.45+dfsg-1ubuntu0.1 |
| esm-infra-legacy/trusty | needed | |
| esm-infra/focal | DNE | |
| focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | released | 7.0.68-1ubuntu0.3 |
| esm-infra-legacy/trusty | released | 7.0.52-1ubuntu0.8 |
| esm-infra/focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 8.0.38-2 |
| bionic | not-affected | 8.0.38-2 |
| cosmic | not-affected | 8.0.38-2 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/bionic | not-affected | 8.0.38-2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 8.0.32-1ubuntu1.3 |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0 ...
Apache Tomcat vulnerable to SecurityManager bypass
ELSA-2017-2247: tomcat security, bug fix, and enhancement update (LOW)
5 Medium
CVSS2
7.5 High
CVSS3