icon

We found results for “

CVE-2017-7674

Good to know:

icon
icon

Date: August 10, 2017

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Insufficient Verification of Data Authenticity

CWE-345

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:9.0.0.M22,8.5.16,8.0.45,7.0.79,org.apache.tomcat:tomcat-catalina:9.0.0.M22,8.5.16,8.0.45,7.0.79

Learn More

CVSS v3

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privilegs Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us