GHSA-73rx-3f9r-x949

Source

https://github.com/advisories/GHSA-73rx-3f9r-x949

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-73rx-3f9r-x949/GHSA-73rx-3f9r-x949.json

Aliases

CVE-2017-7674

Published

2022-05-14T01:10:15Z

Modified

2024-03-11T05:31:12.135729Z

Details

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.0.M1

Fixed

9.0.0.M22

Affected versions

9.*

9.0.0.M1

9.0.0.M3

9.0.0.M4

9.0.0.M6

9.0.0.M8

9.0.0.M9

9.0.0.M10

9.0.0.M11

9.0.0.M13

9.0.0.M15

9.0.0.M17

9.0.0.M18

9.0.0.M19

9.0.0.M20

9.0.0.M21

Database specific

{
    "last_known_affected_version_range": "<= 9.0.0.M21"
}

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.5.0

Fixed

8.5.16

Affected versions

8.*

8.5.0

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.8

8.5.9

8.5.11

8.5.12

8.5.13

8.5.14

8.5.15

Database specific

{
    "last_known_affected_version_range": "<= 8.5.15"
}

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0.RC1

Fixed

8.0.45

Affected versions

8.*

8.0.1

8.0.3

8.0.5

8.0.8

8.0.9

8.0.11

8.0.12

8.0.14

8.0.15

8.0.17

8.0.18

8.0.20

8.0.21

8.0.22

8.0.23

8.0.24

8.0.26

8.0.27

8.0.28

8.0.29

8.0.30

8.0.32

8.0.33

8.0.35

8.0.36

8.0.37

8.0.38

8.0.39

8.0.41

8.0.42

8.0.43

8.0.44

Database specific

{
    "last_known_affected_version_range": "<= 8.0.44"
}

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.41

Fixed

7.0.79

Affected versions

7.*

7.0.41

7.0.42

7.0.47

7.0.50

7.0.52

7.0.53

7.0.54

7.0.55

7.0.56

7.0.57

7.0.59

7.0.61

7.0.62

7.0.63

7.0.64

7.0.65

7.0.67

7.0.68

7.0.69

7.0.70

7.0.72

7.0.73

7.0.75

7.0.76

7.0.77

7.0.78

Database specific

{
    "last_known_affected_version_range": "<= 7.0.78"
}