PublicDateAtUSN: 2018-01-31
Candidate: CVE-2017-15706
PublicDate: 2018-01-31 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15706
 https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
 https://ubuntu.com/security/notices/USN-3665-1
Description:
 As part of the fix for bug 61201, the documentation for Apache Tomcat
 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82
 included an updated description of the search algorithm used by the CGI
 Servlet to identify which script to execute. The update was not correct. As
 a result, some scripts may have failed to execute as expected and other
 scripts may have been executed unexpectedly. Note that the behaviour of the
 CGI servlet has remained unchanged in this regard. It is only the
 documentation of the behaviour that was wrong and has been corrected.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802312
Priority: negligible
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]


Patches_tomcat7:
 upstream: https://svn.apache.org/r1814828 (7.0.x)
upstream_tomcat7: needs-triage
precise/esm_tomcat7: DNE
trusty_tomcat7: not-affected
trusty/esm_tomcat7: not-affected
xenial_tomcat7: not-affected
artful_tomcat7: not-affected
bionic_tomcat7: not-affected
devel_tomcat7: not-affected

Patches_tomcat8:
 upstream: https://svn.apache.org/r1814827 (8.0.x)
 upstream: https://svn.apache.org/r1814826 (8.5.x)
upstream_tomcat8: released (8.5.24-1)
precise/esm_tomcat8: DNE
trusty_tomcat8: DNE
trusty/esm_tomcat8: DNE
xenial_tomcat8: not-affected (8.0.32-1ubuntu1.5)
esm-infra/xenial_tomcat8: not-affected (8.0.32-1ubuntu1.5)
artful_tomcat8: released (8.5.21-1ubuntu1.1)
bionic_tomcat8: not-affected (8.5.30-1ubuntu1)
devel_tomcat8: not-affected (8.5.30-1ubuntu2)

Patches_tomcat8.0:
 upstream: https://svn.apache.org/r1814827 (8.0.x)
 upstream: https://svn.apache.org/r1814826 (8.5.x)
upstream_tomcat8.0: needs-triage
precise/esm_tomcat8.0: DNE
trusty_tomcat8.0: DNE
trusty/esm_tomcat8.0: DNE
xenial_tomcat8.0: DNE
artful_tomcat8.0: ignored (reached end-of-life)
bionic_tomcat8.0: DNE
devel_tomcat8.0: DNE