Updated tomcat packages fix security vulnerability
Publication date: 29 Jun 2017Modification date: 29 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5664
Description
Aniket Nandkishor Kulkarni discovered that in tomcat7, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page (CVE-2017-5664).
References
SRPMS
5/core
- tomcat-7.0.78-1.mga5