CVE-2017-5664

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-5664
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5664.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-5664
Aliases
Related
Published
2017-06-06T14:29:00Z
Modified
2024-09-02T23:56:33Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0002c728a93f7866b8e3ecf00d5a008327acdc66
Last affected
009cf0448025b6227b026e66f5351f0dcb3dd733
Last affected
00ad08058c70b08a9c18555e793d3b6da76d10aa
Last affected
04d13f45b4268945a0bee7a56fc4cf3782db0c71
Last affected
05e76dc1b6edcc2fa87d95de72a8a714267e462d
Last affected
08611c1dab45979e3e68c25b898f9dcb82888da1
Last affected
0b2140180148548e012498e2d7c074fb9d208beb
Last affected
10e04de1946981261a734507f4a6d953e2a206fe
Last affected
12bb2050e3694a795f19395d320f406368f09367
Last affected
18b014d8691909be6153ae7db022a6c35f9c93ea
Last affected
1958059057715d26415839cabad78e685d4d02f1
Last affected
20bd21830dfe7864cac78acb1b7c825baa11bd85
Last affected
20ec6f6f034bb5eebe4f1b52140b680aaff6f380
Last affected
22a6f7d8e615b6cfca151b70e8893c9324e17cc5
Last affected
247f896633a8a84e2e389d055980fb90cfebffa1
Last affected
29b07def810d335012e738b22ab44d4e232b50d1
Last affected
2b858c0fce0db18ca733b161d7428f2cca214841
Last affected
30a7e7f7b48aa5f9f4a559635966d70901b5f51d
Last affected
3477614af783b612341fa6bc00c16b32d1791de8
Last affected
37f91884c4cdaee56669c5ffa51b547847b1aa4e
Last affected
389365303d986b2a918bc95f39421b27a2c9ff30
Last affected
3e5565173dfe107f90419ab63bd4e2e7edc9deb4
Last affected
4178d385e09435a88ac34cf7025526b7f0055c55
Last affected
45f8fd74cdb96490fab8709263a4d862f0d429cf
Last affected
47af1012111595546f31d9096a37a839f93caa62
Last affected
4a39288c6eab999452c72af9fd1a0c12b054ca9f
Last affected
4d09baa427e4f70a3198eb06bae39d3b81d52290
Last affected
506ab576d6e086286b79ca7ddebe679223ec3f9f
Last affected
511d6f15e4254f3af12c75e5199b66448342eabf
Last affected
53728ececd4dc0134c2e17de849db53ce08219c9
Last affected
59e713216cf2256aacc54f6ba627865f356f9e4e
Last affected
5e096bfd5a387f057766dc6b5217feae75b08331
Last affected
5f6f258107e7e463cce41187e13474f3c894693e
Last affected
600dc8ba5d9be7599d29bff83c342213d93b034e
Last affected
61ff12fb282b1d00593b8d16e94ab8ec02f8d5be
Last affected
65ddc3a3872ea41ca67fec7b6834c704b6893361
Last affected
66a6ce81eaf86fdaeb2e218f985f3de50da53ac0
Last affected
68e114cf9fe0a83a888099c084b3036040afa518
Last affected
6b77b128188a5ed033da2998ff2f47f65aa4f7f8
Last affected
6ba80e64fca2badb0a0630f36969365a32a50808
Last affected
6e2c7f6227de95874c79f77bafe5ed26dfeb4021
Last affected
6ebe68b8319cbd8c4fa9b629f38b10c09ca38b61
Last affected
72a8a7c601a7bff56723650d5bb1e353d095af3d
Last affected
73268e886373568fb0c2a150dbbcaf088a2443fb
Last affected
7a9d8339c97790213f81b43d91606f38be743617
Last affected
7b9e8b1024e03903deca4b4cdd52f368463c723b
Last affected
7cfeba335a41dd3b0e423f12534e5936c461711c
Last affected
7dc5e29fe49850102261badf158752d6865311e4
Last affected
7e8629b4ff4152ae6285fa184745e9a1382ca440
Last affected
7f5cc05a61f85b195032fb1edef692fca2512d26
Last affected
80083369bb8178efc49374a65d7eb73465e77f8b
Last affected
810f549234921d7f3af43c1604f523eec27eeacb
Last affected
81d3e54a46de226a5a8f11bcc65195cddcc24f96
Last affected
85cfeb746b8ea0d0e51cc4ced6053075f5460a36
Last affected
86ecd2ad87b805992b9e4c2f2317feaab7a1e3fb
Last affected
892c777b9d5c051dc20aacfefc280ab02dbe2143
Last affected
89b28f6ba651c13de6d63f615b23a33b2877f7ac
Last affected
8b83cefaf2a454706f03f509944ca46103db4d13
Last affected
8c48678b110f3fbbe66f6dde0e45d2578fa92c29
Last affected
8d84136656655a20287cf2dac6ec7fd047979de5
Last affected
9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f
Last affected
9e0d31f12dbd5441097dbec493895ad4e07a6832
Last affected
9f62bc56a0887353e58579153a30c64c5369efdb
Last affected
a6d2ed3eef40903b661d138ae7c8fbd9790d1928
Last affected
aac670afe1226e10513021100fce8a12344743c6
Last affected
ab66216975257e473e5bf4e9a7a59254c905c880
Last affected
aba238718ac9b149d25feaa9a14ecad3b0e3a5e2
Last affected
ad3da1182b0ed370ec233b925c69dcee826a9efe
Last affected
b5205c92f41dfd9a67f78bc783db7b022e38226c
Last affected
b5a74e3c7913c560648f0ffedfbbb3ebe4318def
Last affected
b7b373b84f1b80602ed62fb056be7c7ce429a15c
Last affected
b7d6e626d03f61ccd6c92e8ea28df12e67d256e6
Last affected
ba53773f48f31de787edb559db38e3e02d7efffd
Last affected
bb7683de19c1e441f7f9b986ae5a64a44977b27b
Last affected
bc8b8705a9713cbd0232ab2d326d96ceb4aef1ad
Last affected
bdd72e8bc872876689e41631e47942366ca03364
Last affected
be7e6137267298d6a7b1b3cd2cb1f3f605f9162b
Last affected
c1c4a30d1cc369b918ee86c34ee09ff62c7c6ca6
Last affected
c2c8107f0cea4755497a85990807b883b66f6b57
Last affected
c6a2c4ed296c7f8839b72e8e31cb53b84102d02c
Last affected
c7b84102600d600bcc527560d9c4d10c3fd440ab
Last affected
c845090723d1118dbce1928f9468e1726b79c3b1
Last affected
d0c85cd043679c7330066306600b32aa03c22ca3
Last affected
d1dc05e934e089ea8907998cf850760017a0ed82
Last affected
d70fcee0390d1a82b108979d26a7a397a7418bc7
Last affected
d8ebf61e51b4455e3c226751e492a533f9002d48
Last affected
dcd9daab64a7b557b989a1e0001ffaae0254c8bc
Last affected
ddd8de1c64ef852caca10ab876fed02cfe827ef1
Last affected
ddf8c1d016b2fe81f923ed3d9628ba63ce4502a5
Last affected
de128d72af746184e035ff1b53629f08cb141a04
Last affected
de47b464201769870a06764cdd5143a59cd95302
Last affected
e0ffdd2535a8cb102c62b5db41170625e9d1bf46
Last affected
e14e9824c3087f79621a9796ddf9b3432be02858
Last affected
e37b977db6f47e4380ad67114a49e8568951c953
Last affected
e498667bd7811e846771a852b16ce9f1e524b81b
Last affected
e95b65a27af4cd6681b6dc1bf17ee5abb897610d
Last affected
eae5ead3864c4e2d528a874069828c6c12dee8a5
Last affected
ec8e60ab88259d3d51c8651a8f72a7a6b1347885
Last affected
efa0e79f82f17880c0d7427918bc34a83243dfa6
Last affected
f136158384862c99e7c37937b26bf299fd192a98
Last affected
f397fe02d89f7a10a7dc6f38f36b61bad04dfdc7
Last affected
f5dffa6e1148080fe5dc3690df917e805c72a714
Last affected
f6de6eb5445d266506fcf89d3962a622478c2c6c
Last affected
fc5bebc0cc58fcd75f3d5178be49a3abe5ae615f
Last affected
fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf
Last affected
fdeed5fdfb166f13d74a9feb7ee1ac294aaac54c
Last affected
fe0424f91a9f0af2f6422fe83bfaa769d92aa131
Last affected
fe854ab1f111396458d98fa2ab08c693ce9407e1
Last affected
feaf3763fb37e4a9176ef46a2c80e34821077884
Last affected
fec4a6d1d1f050401aec5c6a3bd0431850472d92
Last affected
ff181ab22b2b18e77ab9e0f0c2cfe5cfa59c844c