Learn about CVE-2017-13990, a security flaw in ArcSight ESM and ArcSight ESM Express versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, potentially exposing the Apache Tomcat application server version. Find mitigation steps and prevention measures.
A security flaw related to information disclosure has been identified in ArcSight ESM and ArcSight ESM Express, potentially exposing the Apache Tomcat application server version.
Understanding CVE-2017-13990
This CVE involves an information leakage vulnerability in specific versions of ArcSight ESM and ArcSight ESM Express.
What is CVE-2017-13990?
This CVE refers to a security flaw in ArcSight ESM and ArcSight ESM Express versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allowing the disclosure of the Apache Tomcat application server version.
The Impact of CVE-2017-13990
The vulnerability may lead to information disclosure: malicious actors could exploit it to learn the Apache Tomcat application server version.
Technical Details of CVE-2017-13990
This section provides more technical insights into the CVE.
Vulnerability Description
The vulnerability in ArcSight ESM and ArcSight ESM Express versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 allows for the exposure of the Apache Tomcat application server version.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit the vulnerability to obtain the Apache Tomcat application server version.
Mitigation and Prevention
Protecting systems from CVE-2017-13990 is crucial to maintaining security.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
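Ensure that systems are updated with the latest patches and security fixes to address CVE-2017-13990. Given the affected range stated above, that means running ArcSight ESM or ArcSight ESM Express at 6.9.1c Patch 4 or 6.11.0 Patch 1.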
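After patching, a check like the one below can confirm that responses captured from your own ESM web interface no longer carry a Tomcat version string. It is an added example, not code from the advisory or from ArcSight. The advisory does not say where the version appears, so scanning both headers and body is an assumption, and the sample responses and the version number 9.9.99 are constructed.

```python
import re

# Tomcat reports itself as "Apache Tomcat/<version>" in its server info string.
TOMCAT_VERSION = re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+)")


def find_tomcat_version_leaks(raw_response: str):
    """Return (location, version) pairs for every Tomcat version string in a
    raw HTTP response (status line, headers, blank line, body)."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    leaks = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        for match in TOMCAT_VERSION.finditer(value):
            leaks.append((f"header:{name.strip().lower()}", match.group(1)))
    for match in TOMCAT_VERSION.finditer(body):
        leaks.append(("body", match.group(1)))
    return leaks


# Constructed sample: an error response that leaks the version in two places.
LEAKY_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache Tomcat/9.9.99\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>HTTP Status 404</h1><hr>"
    "<h3>Apache Tomcat/9.9.99</h3></body></html>"
)

# Constructed sample: the same request after the banner has been suppressed.
CLEAN_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Not Found</h1></body></html>"
)

if __name__ == "__main__":
    for label, response in (("before", LEAKY_RESPONSE), ("after", CLEAN_RESPONSE)):
        leaks = find_tomcat_version_leaks(response)
        print(label, "->", leaks if leaks else "no Tomcat version disclosed")
```
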