Apache Security Updates for Apache Tomcat

The Apache Foundation released security updates to address multiple vulnerabilities in Apache Tomcat that, if exploited successfully, could allow a remote attacker to access sensitive information or cause a denial-of-service condition. The NJCCIC recommends all Apache Tomcat users and administrators review the announcements on apache.org and apply the necessary updates.

CVE-2017-5648: Information disclosure vulnerability. (LOW) 

  • Affects Apache Tomcat versions 7.0.0 to 7.0.75, 8.0.0.RC1 to 8.0.41, 8.5.0 to 8.5.11, 9.0.0.M1 to 9.0.0.M17

CVE-2017-5650: Denial-of-service vulnerability. (MODERATE) 

  • Affects Apache Tomcat versions 8.5.0 to 8.5.12 and 9.0.0.M1 to 9.0.0.M18

CVE-2017-5651: Information disclosure vulnerability. (MODERATE) 

  • Affects Apache Tomcat versions 8.5.0 to 8.5.12, 9.0.0.M1 to 9.0.0.M18
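To triage an inventory against the ranges listed above, the following added example (not code from the NJCCIC or the Apache project) maps a Tomcat version string to the CVEs in this advisory that list it as affected. The function names are hypothetical, and the ordering of pre-release qualifiers (milestone before release candidate before final release) is an assumption.

```python
import re

# Affected ranges copied from the advisory above; both bounds are inclusive.
AFFECTED = {
    "CVE-2017-5648": [("7.0.0", "7.0.75"), ("8.0.0.RC1", "8.0.41"),
                      ("8.5.0", "8.5.11"), ("9.0.0.M1", "9.0.0.M17")],
    "CVE-2017-5650": [("8.5.0", "8.5.12"), ("9.0.0.M1", "9.0.0.M18")],
    "CVE-2017-5651": [("8.5.0", "8.5.12"), ("9.0.0.M1", "9.0.0.M18")],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(M|RC)(\d+))?$", re.IGNORECASE)
# Assumption: milestone (M) < release candidate (RC) < final release.
_QUALIFIER_RANK = {"M": 0, "RC": 1, None: 2}


def parse_version(text):
    """Turn '8.5.11', '9.0.0.M17' or 'Apache Tomcat/8.5.11' into a sortable tuple."""
    bare = text.strip().rsplit("/", 1)[-1]  # drop an 'Apache Tomcat/' prefix if present
    match = _VERSION.match(bare)
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, qualifier, number = match.groups()
    qualifier = qualifier.upper() if qualifier else None
    return (int(major), int(minor), int(patch),
            _QUALIFIER_RANK[qualifier], int(number or 0))


def affected_cves(version):
    """Return the CVEs from this advisory whose listed ranges contain `version`.

    An empty list means only that the version is not listed here, not that
    the installation is free of other vulnerabilities.
    """
    v = parse_version(version)
    return sorted(
        cve for cve, ranges in AFFECTED.items()
        if any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)
    )


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for host_version in ["7.0.75", "8.0.41", "8.5.12", "9.0.0.M18", "8.5.13"]:
        print(host_version, affected_cves(host_version) or "not listed")
```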