CVE-2017-15706

Publication date 31 January 2018

Last updated 24 July 2024


Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

Status

Package Ubuntu Release Status
tomcat7 18.04 LTS bionic
Not affected
17.10 artful
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected
tomcat8 18.04 LTS bionic
Not affected
17.10 artful
Fixed 8.5.21-1ubuntu1.1
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
tomcat8.0 18.04 LTS bionic Not in release
17.10 artful Ignored end of life
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
tomcat7
tomcat8
tomcat8.0

Severity score breakdown

Parameter Value
Base score 5.3 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N