Apache Tomcat 7.0.x < 7.0.78 / 8.0.x < 8.0.44 / 8.5.x < 8.5.15 Remote Error Page Manipulation

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Apache Tomcat server is affected by a remote error page
manipulation vulnerability.

Description :

According to its self-reported version number, the Apache Tomcat
service running on the remote host is 7.0.x prior to 7.0.78, 8.0.x
prior to 8.0.44, or 8.5.x prior to 8.5.15. It is, therefore, affected
by an implementation flaw in the error page reporting mechanism in
which it does not conform to the Java Servlet Specification that
requires static error pages to be processed as an HTTP GET request
nothwithstanding the HTTP request method that was originally used when
the error occurred. Depending on the original request and the
configuration of the Default Servlet, an unauthenticated, remote
attacker can exploit this issue to replace or remove custom error
pages.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44
http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15

Solution :

Upgrade to Apache Tomcat version 7.0.78 / 8.0.44 / 8.5.15 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 100681 ()

Bugtraq ID: 98888

CVE ID: CVE-2017-5664

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now