CVE-2017-7675 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-7675 Interim 1 11 2025-11-05T04:01:55Z current 2021-05-30T13:55:07Z 2025-11-05T04:01:55Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-7675 The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12-LTSS tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-2_2-api tomcat-el-3_0-api tomcat-javadoc tomcat-jsp-2_2-api tomcat-jsp-2_3-api tomcat-lib tomcat-servlet-3_0-api tomcat-servlet-3_1-api tomcat-webapps tomcat6 tomcat6-admin-webapps tomcat6-docs-webapp tomcat6-javadoc tomcat6-jsp-2_1-api tomcat6-lib tomcat6-servlet-2_5-api tomcat6-webapps tomcat6 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata tomcat6 as a component of SUSE Linux Enterprise Server 11 SP3 LTSS tomcat6 as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata tomcat6 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-admin-webapps as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-docs-webapp as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-javadoc as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-jsp-2_1-api as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-lib as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-servlet-2_5-api as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-webapps as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP1-LTSS tomcat as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP3 tomcat as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-el-2_2-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-javadoc as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-jsp-2_2-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-lib as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-servlet-3_0-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-webapps as a component of SUSE Linux Enterprise Server 12-LTSS The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL. CVE-2017-7675 SUSE Linux Enterprise Server 11 SP1 for Teradata:tomcat6 SUSE Linux Enterprise Server 11 SP3 LTSS:tomcat6 SUSE Linux Enterprise Server 11 SP3 for Teradata:tomcat6 SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6 SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-admin-webapps SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-docs-webapp SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-javadoc SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-jsp-2_1-api SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-lib SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-servlet-2_5-api SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-webapps SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps SUSE Linux Enterprise Server 12 SP2:tomcat SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP2:tomcat-lib SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP2:tomcat-webapps SUSE Linux Enterprise Server 12 SP3:tomcat SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP3:tomcat-lib SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP3:tomcat-webapps SUSE Linux Enterprise Server 12-LTSS:tomcat SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api SUSE Linux Enterprise Server 12-LTSS:tomcat-lib SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N