{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T21:57:02.089","vulnerabilities":[{"cve":{"id":"CVE-2017-15706","sourceIdentifier":"security@apache.org","published":"2018-01-31T14:29:00.500","lastModified":"2024-11-21T03:15:02.480","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected."},{"lang":"es","value":"Como parte de la solución para el bug 61201, la documentación para Apache Tomcat en versiones 9.0.0.M22 a la 9.0.1; versiones 8.5.16 a 8.5.23; 8.0.45 a 8.0.47 y 7.0.79 to 7.0.82 incluía una descripción actualizada del algoritmo de búsqueda empleado por el Servlet CGI para identificar qué script ejecutar. La actualización no fue correcta. Como resultado, algunos scripts no se han ejecutado como se esperaba y otros se han ejecutado inesperadamente. Se debe tener en cuenta que el comportamiento del servlet CGI se ha mantenido sin cambios en este sentido. Lo único erróneo era la documentación del comportamiento, que ya ha sido corregida."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-358"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.79","versionEndIncluding":"7.0.82","matchCriteriaId":"96F2AD27-8BC3-44DB-B732-6AF1ACAA9C62"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.45","versionEndIncluding":"8.0.47","matchCriteriaId":"2D675B52-2C19-4DD8-9BDD-1CDE23DF5520"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.16","versionEndIncluding":"8.5.23","matchCriteriaId":"48422EF4-3664-491E-8024-D522FD2E1144"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*","matchCriteriaId":"EF411DDA-2601-449A-9046-D250419A0E1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*","matchCriteriaId":"3B266B1E-24B5-47EE-A421-E0E3CC0C7471"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*","matchCriteriaId":"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*","matchCriteriaId":"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*","matchCriteriaId":"C0C5F004-F7D8-45DB-B173-351C50B0EC16"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*","matchCriteriaId":"D1902D2E-1896-4D3D-9E1C-3A675255072C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*","matchCriteriaId":"454211D0-60A2-4661-AECA-4C0121413FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*","matchCriteriaId":"558703AE-DB5E-4DFF-B497-C36694DD7B24"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*","matchCriteriaId":"ED6273F2-1165-47A4-8DD7-9E9B2472941B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A4355F36-B223-4819-8272-751EBB68782F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/103069","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2%40%3Cannounce.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","source":"security@apache.org"},{"url":"https://usn.ubuntu.com/3665-1/","source":"security@apache.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"security@apache.org"},{"url":"http://www.securityfocus.com/bid/103069","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2%40%3Cannounce.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3665-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}