Amazon Linux AMI : tomcat7 (ALAS-2017-853)
Medium Nessus Plugin ID 101270
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionSecurity constrained bypass in error page mechanism :
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
SolutionRun 'yum update tomcat7' to update your system.