Directory Traversal Vulnerability in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15

Directory Traversal Vulnerability in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15

CVE-2017-7675 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Learn more about our Cis Benchmark Audit For Apache Http Server.