Korean
<< Back
VID 22838
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.2. It is, therefore, affected by a flaw that is due to the program containing an incorrect description for the CGI Servlet search algorithm, which may cause an administrator to leave the system in an insecure state.

* References:
http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.2

* Platforms Affected:
Apache Tomcat Server versions 9.0.x prior to 9.0.2
Any operating system Any version
Recommendation Upgrade to the latest version of Apache Tomcat Server (9.0.2 or later), available from the Apache Software Foundation download site, http://tomcat.apache.org/
Related URL CVE-2017-15706 (CVE)
Related URL 173866 (SecurityFocus)
Related URL (ISS)