BSA-2017-306

Brocade Fabric OS

2 more products

21550

17 May 2017

17 May 2017

Closed

Low

3.6

N/A

CVE-2017-5648

Summary

Security Advisory ID : BSA-2017-306

Component : Apache Tomcat

Revision : 1.0: Interim

While investigating bug 60718, it was noticed that some calls to application listeners did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.

Affected Products

Brocade is investigating its product lines to determine which products may be affected by this vulnerability and the impact on each affected product.

Products Confirmed Not Vulnerable

Brocade FastIron OS, Brocade NetIron OS, Brocade ServerIron ADX, Brocade Services Director, Brocade SLX-OS, Brocade Virtual ADX, Brocade Virtual Traffic Manager, and Brocade Virtual Web Application Firewall are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

 

Revision History

Version Change Date
1.0 Initial Publication May 17, 2017