UBUNTU-CVE-2017-5648

Source
https://ubuntu.com/security/CVE-2017-5648
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-5648.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-5648
Related
Published
2017-04-17T00:00:00Z
Modified
2024-10-15T14:06:14Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

References

Affected packages

Ubuntu:14.04:LTS / tomcat7

Package

Name
tomcat7
Purl
pkg:deb/ubuntu/tomcat7?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.52-1ubuntu0.13

Affected versions

7.*

7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "libservlet3.0-java"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "libservlet3.0-java-doc"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "libtomcat7-java"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-admin"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-common"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-docs"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-examples"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-user"
        }
    ]
}

Ubuntu:16.04:LTS / tomcat8

Package

Name
tomcat8
Purl
pkg:deb/ubuntu/tomcat8?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.32-1ubuntu1.5

Affected versions

8.*

8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "libservlet3.1-java"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "libservlet3.1-java-doc"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "libtomcat8-java"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-admin"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-common"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-docs"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-examples"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-user"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / tomcat7

Package

Name
tomcat7
Purl
pkg:deb/ubuntu/tomcat7?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / tomcat8

Package

Name
tomcat8
Purl
pkg:deb/ubuntu/tomcat8?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.21-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libservlet3.1-java"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libservlet3.1-java-doc"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libtomcat8-embed-java"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libtomcat8-java"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-admin"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-common"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-docs"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-examples"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-user"
        }
    ]
}