[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2017-0352":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":18,"duplicates":19,"related":20,"reserved_at":9,"published_at":23,"modified_at":24,"state":9,"summary":25,"references_raw":27,"kevs":60,"epss":9,"epss_history":61,"metrics":62,"affected":63},"MGASA-2017-0352","Updated tomcat packages fix security vulnerability\n\nThe CORS Filter did not add an HTTP Vary header indicating that the\nresponse varies depending on Origin. This permitted client and server\nside cache poisoning in some circumstances (CVE-2017-7674).\n\nWhen using a VirtualDirContext it was possible to bypass security\nconstraints and/or view the source code of JSPs for resources served\nby the VirtualDirContext using a specially crafted request\n(CVE-2017-12616).\n\nNote that CVE-2017-12616 only affected tomcat 7 in Mageia 5.\n",null,[],[],[],[14,16],{"_key":15},"CVE-2017-12616",{"_key":17},"CVE-2017-7674",[],[],[21,22],{"_key":15},{"_key":17},"2017-09-21T13:43:32Z","2026-04-16T06:23:43.777837131Z",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[28,34,39,44,48,52,56],{"url":29,"sources":30,"tags":32},"https://advisories.mageia.org/MGASA-2017-0352.html",[31],"osv_mageia",[33],"Advisory",{"url":35,"sources":36,"tags":37},"https://bugs.mageia.org/show_bug.cgi?id=21714",[31],[38],"REPORT",{"url":40,"sources":41,"tags":42},"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.79",[31],[38,43],"WEB",{"url":45,"sources":46,"tags":47},"https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81",[31],[38,43],{"url":49,"sources":50,"tags":51},"https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.45",[31],[38,43],{"url":53,"sources":54,"tags":55},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CH5PGYTIBGQHGGUEXRIIGNXJSLBNYYUS/",[31],[38,43],{"url":57,"sources":58,"tags":59},"http://openwall.com/lists/oss-security/2017/09/19/2",[31],[38,43],[],[],[],[64,76],{"ecosystem":65,"name":66,"vendor":67,"product":66,"cpe_part":9,"purl_type":68,"purl_namespace":67,"purl_name":66,"source":9,"versions":69},"Mageia","tomcat","mageia","rpm",[70],{"version":71,"is_range":72,"range_type":73,"version_start":9,"version_start_type":9,"version_end":74,"version_end_type":75,"fixed_in":9},"lt7_0_81_1_mga5",true,"ecosystem","7.0.81-1.mga5","excluding",{"ecosystem":65,"name":66,"vendor":67,"product":66,"cpe_part":9,"purl_type":68,"purl_namespace":67,"purl_name":66,"source":9,"versions":77},[78],{"version":79,"is_range":72,"range_type":73,"version_start":9,"version_start_type":9,"version_end":80,"version_end_type":75,"fixed_in":9},"lt8_0_46_1_mga6","8.0.46-1.mga6"]