CVE-2017-5664

EPSS 10.80% · P93 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-5664

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Tomcat Default Servlet 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Tomcat是美国阿帕奇（Apache）软件基金会下属的Jakarta项目的一款轻量级Web应用服务器，它主要用于开发和调试JSP程序，适用于中小型系统。Default Servlet是其中的一个对静态资源进行处理的类。 Apache Tomcat中的Default Servlet存在安全漏洞。攻击者可利用该漏洞绕过安全限制，执行未授权的操作。以下版本受到影响：Apache Tomcat 9.0.0.M1版本至9.0.0.M20版本，8.5.0版本至8.5.14版本，8.0.0.RC1版本至

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Tomcat	9.0.0.M1 to 9.0.0.M20	-

II. Public POCs for CVE-2017-5664

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-5664

请登录查看更多情报信息。

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
🔗 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_usx_refsource_CONFIRM
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlx_refsource_CONFIRM
🔗 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
🔗 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20171019-0002/x_refsource_CONFIRM
🔗 http://www.securityfocus.com/bid/98888vdb-entryx_refsource_BID
🔗 http://www.securitytracker.com/id/1038641vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3892vendor-advisoryx_refsource_DEBIAN
http://www.debian.org/security/2017/dsa-3891vendor-advisoryx_refsource_DEBIAN
🔗 https://access.redhat.com/errata/RHSA-2017:2633vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:3080vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2635vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1802vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2638vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:1809vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2494vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2637vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:1801vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2493vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2636vendor-advisoryx_refsource_REDHAT
🔗 https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066%40%3Cannounce.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-5664

IV. Related Vulnerabilities

Same product: Apache Tomcat

Same vendor: Apache Software Foundation

V. Comments for CVE-2017-5664

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2017-5664

I. Basic Information for CVE-2017-5664

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-5664

III. Intelligence Information for CVE-2017-5664

IV. Related Vulnerabilities

V. Comments for CVE-2017-5664

Leave a comment