Bug#860069: tomcat8: CVE-2017-5648
Salvatore Bonaccorso
carnil at debian.org
Tue Apr 11 04:44:58 UTC 2017
Source: tomcat8
Version: 8.0.14-1
Severity: important
Tags: upstream security
Hi,
the following vulnerability was published for tomcat8.
CVE-2017-5648[0]:
|While investigating bug 60718, it was noticed that some calls to
|application listeners did not use the appropriate facade object. When
|running an untrusted application under a SecurityManager, it was
|therefore possible for that untrusted application to retain a
|reference to the request or response object and thereby access and/or
|modify information associated with another web application.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-5648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list