CVE-2017-7675

Summary

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Tomcat9.0.0.M1 to 9.0.0.M21affected
Apache Software FoundationApache Tomcat8.5.0 to 8.5.15affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References