admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-13 23:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/7xxx/CVE-2017-7674.json
CVE Team ac736da829
- Synchronized data.
2017-12-01 17:02:30 -05:00

80 lines
2.4 KiB
JSON
Raw Blame History

{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-08-10T00:00:00",
"ID" : "CVE-2017-7674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M1 to 9.0.0.M21"
},
{
"version_value" : "8.5.0 to 8.5.15"
},
{
"version_value" : "8.0.0.RC1 to 8.0.44"
},
{
"version_value" : "7.0.41 to 7.0.78"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cache Poisoning"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E"
},
{
"url" : "http://www.debian.org/security/2017/dsa-3974"
},
{
"url" : "https://access.redhat.com/errata/RHSA-2017:3081"
},
{
"url" : "http://www.securityfocus.com/bid/100280"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink