Amazon Linux AMI : tomcat8 (ALAS-2017-854)
Medium Nessus Plugin ID 101271
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionSecurity constrained bypass in error page mechanism :
A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)
SolutionRun 'yum update tomcat8' to update your system.