MGASA-2017-0117

Updated tomcat packages fix security vulnerability

Publication date: 27 Apr 2017
Modification date: 27 Apr 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-5647, CVE-2017-5648

Description

A bug in the handling of pipelined requests when sendfile was used
resulted in the pipelined request being lost when sendfile processing of
the previous request completed. This could result in responses appearing
to be sent for the wrong request. For example, a user agent that sent
requests A, B and C could see the correct response for request A, the
response for request C returned for request B, and no response for request C
(CVE-2017-5647).

While investigating bug 60718, it was noticed that some calls to
application listeners did not use the appropriate facade object. When
running an untrusted application under a SecurityManager, it was therefore
possible for that untrusted application to retain a reference to the
request or response object and thereby access and/or modify information
associated with another web application (CVE-2017-5648).