Source: tomcat8 Version: 8.0.14-1 Severity: important Tags: upstream security
Hi, the following vulnerability was published for tomcat8. CVE-2017-5648[0]: |While investigating bug 60718, it was noticed that some calls to |application listeners did not use the appropriate facade object. When |running an untrusted application under a SecurityManager, it was |therefore possible for that untrusted application to retain a |reference to the request or response object and thereby access and/or |modify information associated with another web application. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-5648 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5648 Regards, Salvatore