CVE-2017-7675 Apache Tomcat Cache Poisoning
Vendor: The Apache Software Foundation
Apache Tomcat 9.0.0.M1 to 9.0.0.M21
Apache Tomcat 8.5.0 to 8.5.15
The HTTP/2 implementation bypassed a number of security checks that
prevented directory traversal attacks. It was therefore possible to
bypass security constraints using a specially crafted URL.
Users of the affected versions should apply one of the following:
- Upgrade to Apache Tomcat 9.0.0.M22 or later
- Upgrade to Apache Tomcat 8.5.16 or later
The issue was reported as Bug 61120 and the security implications
identified by the Apache Tomcat Security Team.
2017-08-10 Original advisory
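
A triage check for the version ranges listed above, as an added example that is not part of the Apache advisory: it classifies a Tomcat version string against the affected ranges and lists the connectors in a `server.xml` that enable HTTP/2, the component the advisory names. The function names and the sample `server.xml` are constructed for illustration; the advisory itself only lists upgrading as the fix.

```python
import re
import xml.etree.ElementTree as ET

# Class name Tomcat uses for the HTTP/2 upgrade protocol on a connector.
H2_CLASS = "org.apache.coyote.http2.Http2Protocol"

# Accepts "8.5.15", "8.5.15.0", "9.0.0.M21" or "Apache Tomcat/9.0.0.M21".
_VERSION = re.compile(r"(?:Apache Tomcat/)?(\d+)\.(\d+)\.(\d+)(?:\.M(\d+)|\.\d+)?")

def is_affected(version):
    """True if version is in 9.0.0.M1-9.0.0.M21 or 8.5.0-8.5.15 (advisory ranges)."""
    m = _VERSION.fullmatch(version.strip())
    if not m:
        raise ValueError("unrecognised Tomcat version: %r" % version)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    milestone = int(m.group(4)) if m.group(4) else None
    if (major, minor, patch) == (9, 0, 0) and milestone is not None:
        return 1 <= milestone <= 21
    if (major, minor) == (8, 5):
        return patch <= 15
    return False

def http2_connectors(server_xml):
    """Ports of <Connector> elements that carry an HTTP/2 <UpgradeProtocol>."""
    root = ET.fromstring(server_xml)
    return [c.get("port", "?") for c in root.iter("Connector")
            if any(u.get("className") == H2_CLASS
                   for u in c.findall("UpgradeProtocol"))]

def triage(version, server_xml):
    """(in affected range?, ports with HTTP/2 enabled) for one instance."""
    return is_affected(version), http2_connectors(server_xml)

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
    </Connector>
  </Service>
</Server>"""

if __name__ == "__main__":
    for v in ("9.0.0.M21", "9.0.0.M22", "8.5.15", "8.5.16"):
        affected, ports = triage(v, SAMPLE_SERVER_XML)
        print(v, "affected" if affected else "not affected", "HTTP/2 ports:", ports)
```
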