[manjaro-security] [arch-security] [ASA-201706-6] tomcat7: access restriction bypass
rgacogne at archlinux.org
Tue Jun 6 14:27:41 CEST 2017
Arch Linux Security Advisory ASA-201706-6
Date : 2017-06-06
CVE-ID : CVE-2017-5664
Package : tomcat7
Type : access restriction bypass
Remote : Yes
Link : https://security.archlinux.org/AVG-290
The package tomcat7 before version 7.0.78-1 is vulnerable to access
Upgrade to 7.0.78-1.
# pacman -Syu "tomcat7>=7.0.78-1"
The problem has been fixed upstream in version 7.0.78.
A security issue has been found in Apache Tomcat < 7.0.18 and < 8.0.44.
The error page mechanism of the Java Servlet Specification requires
that, when an error occurs and an error page is configured for the
error that occurred, the original request and response are forwarded to
the error page. This means that the request is presented to the error
page with the original HTTP method. If the error page is a static file,
expected behaviour is to serve the content of the file as if processing
a GET request, regardless of the actual HTTP method. Tomcat's Default
Servlet did not do this. Depending on the original request this could
lead to unexpected and undesirable results for static error pages
including, if the DefaultServlet is configured to permit writes, the
replacement or removal of the custom error page.
A remote attacker can alter, replace or remove the custom error page of
an affected server by sending an HTTP request with a specific method.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the manjaro-security