Description
* A vulnerability was discovered in the error page mechanism in Tomcat's
DefaultServlet implementation. A crafted HTTP request could cause undesired side
effects, possibly including the removal or replacement of the custom error page.
(CVE-2017-5664)
* A vulnerability was discovered in Tomcat. When running an untrusted
application under a SecurityManager it was possible, under some circumstances,
for that application to retain references to the request or response objects and
thereby access and/or modify information associated with another web
application. (CVE-2017-5648)