{"id":"MGASA-2017-0196","summary":"Updated tomcat packages fix security vulnerability","details":"Aniket Nandkishor Kulkarni discovered that in tomcat7, static error\npages used the original request's HTTP method to serve content, instead\nof systematically using the GET method. This could under certain\nconditions result in undesirable results, including the replacement or\nremoval of the custom error page (CVE-2017-5664).\n","modified":"2026-04-16T06:26:12.699306607Z","published":"2017-06-29T21:40:57Z","upstream":["CVE-2017-5664"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0196.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21131"},{"type":"WEB","url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3892"}],"affected":[{"package":{"name":"tomcat","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.78-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0196.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}