CVE-2017-5664 — Improper Handling of Exceptional Conditions in Software Foundation Apache Tomcat
Severity
7.5 HIGH (NVD)
EPSS
10.8%
top 6.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 6
Latest update: May 13
Description
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache …
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 2 packages
🔴 Vulnerability Details (5)
CVEList
CVE-2017-5664: The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occu… (2017-06-06)
OSV
CVE-2017-5664: The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occu… (2017-06-06)
📋 Vendor Advisories (4)
💬 Community (3)
Bugzilla
Bugzilla