Advisories » MGASA-2017-0196

Updated tomcat packages fix security vulnerability

Publication date: 29 Jun 2017
Modification date: 29 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5664

Description

Aniket Nandkishor Kulkarni discovered that in tomcat7, static error
pages used the original request's HTTP method to serve content, instead
of systematically using the GET method. This could under certain
conditions result in undesirable results, including the replacement or
removal of the custom error page (CVE-2017-5664).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21131
• http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78
• https://www.debian.org/security/2017/dsa-3892
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5664

SRPMS

5/core

• tomcat-7.0.78-1.mga5