CVE-2017-7674

medium

Apache

CVSS v3 Base Score

4.3

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

5.9%

Exploitation probability in 30 days

Top 9% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

None

Integrity

Low

Availability

None

Published: August 11, 2017 (3199 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

CWE

CWE-345

Affected Products

apache tomcat

References

🔗 www.debian.org 🔗 www.oracle.com 🔗 www.securityfocus.com 🔗 access.redhat.com 🔗 access.redhat.com

CVE-2017-7674

Vulnerability Report

Description

CWE

Affected Products

References