DSA-3843-1 tomcat8 -- tomcat8ID: oval:org.secpod.oval:def:602869 | Date: (C)2017-05-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine. CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request. CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running under a SecurityManager to bypass that protection mechanism and access or modify information associated with other web applications.