cvelist/2017/7xxx/CVE-2017-7674.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@apache.org",
      "DATE_PUBLIC" : "2017-08-10T00:00:00",
      "ID" : "CVE-2017-7674",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Tomcat",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "9.0.0.M1 to 9.0.0.M21"
                              },
                              {
                                 "version_value" : "8.5.0 to 8.5.15"
                              },
                              {
                                 "version_value" : "8.0.0.RC1 to 8.0.44"
                              },
                              {
                                 "version_value" : "7.0.41 to 7.0.78"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Apache Software Foundation"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Cache Poisoning"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[announce] 20170810 [SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning",
            "refsource" : "MLIST",
            "url" : "https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E"
         },
         {
            "name" : "DSA-3974",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2017/dsa-3974"
         },
         {
            "name" : "RHSA-2017:3081",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2017:3081"
         },
         {
            "name" : "RHSA-2017:1801",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2017:1801"
         },
         {
            "name" : "RHSA-2017:1802",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2017:1802"
         },
         {
            "name" : "100280",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/100280"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "security@apache.org",`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"DATE_PUBLIC" : "2017-08-10T00:00:00",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-7674",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"product_name" : "Tomcat",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"version" : {`
			`"version_data" : [`
			`{`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"version_value" : "9.0.0.M1 to 9.0.0.M21"`
			`},`
			`{`
			`"version_value" : "8.5.0 to 8.5.15"`
			`},`
			`{`
			`"version_value" : "8.0.0.RC1 to 8.0.44"`
			`},`
			`{`
			`"version_value" : "7.0.41 to 7.0.78"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"vendor_name" : "Apache Software Foundation"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
- Populated assignment information for various entries. 2017-10-16 16:44:18 -04:00			`"value" : "Cache Poisoning"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[announce] 20170810 [SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning",`
			`"refsource" : "MLIST",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E"`
			`},`
- Synchronized data. 2017-11-03 15:04:18 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "DSA-3974",`
			`"refsource" : "DEBIAN",`
- Synchronized data. 2017-11-03 15:04:18 -04:00			`"url" : "http://www.debian.org/security/2017/dsa-3974"`
			`},`
- Synchronized data. 2017-12-01 17:02:30 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2017:3081",`
			`"refsource" : "REDHAT",`
- Synchronized data. 2017-12-01 17:02:30 -05:00			`"url" : "https://access.redhat.com/errata/RHSA-2017:3081"`
			`},`
- Synchronized data. 2018-01-04 15:05:12 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2017:1801",`
			`"refsource" : "REDHAT",`
- Synchronized data. 2018-01-04 15:05:12 -05:00			`"url" : "https://access.redhat.com/errata/RHSA-2017:1801"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "RHSA-2017:1802",`
			`"refsource" : "REDHAT",`
- Synchronized data. 2018-01-04 15:05:12 -05:00			`"url" : "https://access.redhat.com/errata/RHSA-2017:1802"`
			`},`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "100280",`
			`"refsource" : "BID",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"url" : "http://www.securityfocus.com/bid/100280"`
			`}`
			`]`
			`}`
			`}`