Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability - CVE-2017-7674 - Vulnerability Database
Apache Tomcat

Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability - CVE-2017-7674

Medium
Reference: CVE-2017-7674
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-7674
Title: Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability
Overview:

The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 8.5.0 to 8.5.15 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.