[Bug 1540828] New: CVE-2017-15706 tomcat: Incorrect documentation of CGI Servlet search algorithm may lead to misconfiguration
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1540828
Bug ID: 1540828
Summary: CVE-2017-15706 tomcat: Incorrect documentation of CGI
Servlet search algorithm may lead to misconfiguration
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
The description of the search algorithm used by the CGI Servlet to identify
which script to execute was incorrect. As a result, some scripts may have
failed to execute as expected and other scripts may have been executed
unexpectedly. Note that it is only the documentation that was incorrect; the
behaviour of the CGI servlet remains unchanged.
Versions Affected:
Apache Tomcat 9.0.0.M22 to 9.0.1
Apache Tomcat 8.5.16 to 8.5.23
Apache Tomcat 8.0.45 to 8.0.47
Apache Tomcat 7.0.79 to 7.0.82
Upstream Advisory:
http://tomcat.10.x6.nabble.com/SECURITY-CVE-2017-15706-Apache-Tomcat-Inco...