Amazon Linux AMI : tomcat7 / tomcat8 (ALAS-2017-903)
Medium Nessus Plugin ID 103600
SynopsisThe remote Amazon Linux AMI host is missing a security update.
Vary header not added by CORS filter leading to cache poisoning
The CORS Filter in Apache Tomcat did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. (CVE-2017-7674)
SolutionRun 'yum update tomcat7' to update your system.
Run 'yum update tomcat8' to update your system.