How severe is CVE-2017-15706?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2017-15706?

This is classified as CWE-358, which is a common weakness in software security.

CVE-2017-15706

MEDIUM Year: 2017

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-358

View all →

Vulnerability Description

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.

CVE-2014-4843

MEDIUM

CVSS:5.3(Medium)

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information ab...

CWE-3582014

CVE-2017-12303

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypa...

CWE-3582017

CVE-2017-15105

MEDIUM

CVSS:5.3(Medium)

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of...

CWE-3582017

CVE-2021-34790

MEDIUM

CVSS:5.3(Medium)

Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD)...

CWE-3582021

CVE-2021-34791

MEDIUM

CVSS:5.3(Medium)

CWE-3582021

CVE-2017-2612

MEDIUM

CVSS:5.4(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CWE-3582017

CVE-2017-15706

Vulnerability Description

Related Vulnerabilities

CVE-2014-4843

CVE-2017-12303

CVE-2017-15105

CVE-2021-34790

CVE-2021-34791

CVE-2017-2612