Red Hat Bugzilla – Bug 1480626
CVE-2017-7675 tomcat: Security Constraint Bypass
Last modified: 2017-08-11 10:12:57 EDT
The HTTP/2 implementation bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using an specially crafted URL.
Affected versions: 8.5.0 to 8.5.15