ID CVE-2016-5018
Summary In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-10-2020 - 22:15)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2017:0455
  • rhsa
    id RHSA-2017:0456
  • rhsa
    id RHSA-2017:0457
  • rhsa
    id RHSA-2017:1548
  • rhsa
    id RHSA-2017:1549
  • rhsa
    id RHSA-2017:1550
  • rhsa
    id RHSA-2017:1551
  • rhsa
    id RHSA-2017:1552
  • rhsa
    id RHSA-2017:2247
rpms
  • hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6
  • jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6
  • jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6
  • jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6
  • jbcs-httpd24-runtime-0:1-3.jbcs.el6
  • mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6
  • mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6
  • tomcat-native-0:1.2.8-9.redhat_9.ep7.el6
  • tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6
  • tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6
  • tomcat7-0:7.0.70-16.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-16.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-16.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6
  • tomcat7-javadoc-0:7.0.70-16.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6
  • tomcat7-jsvc-0:7.0.70-16.ep7.el6
  • tomcat7-lib-0:7.0.70-16.ep7.el6
  • tomcat7-log4j-0:7.0.70-16.ep7.el6
  • tomcat7-selinux-0:7.0.70-16.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6
  • tomcat7-webapps-0:7.0.70-16.ep7.el6
  • tomcat8-0:8.0.36-17.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-17.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-17.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6
  • tomcat8-javadoc-0:8.0.36-17.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6
  • tomcat8-jsvc-0:8.0.36-17.ep7.el6
  • tomcat8-lib-0:8.0.36-17.ep7.el6
  • tomcat8-log4j-0:8.0.36-17.ep7.el6
  • tomcat8-selinux-0:8.0.36-17.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6
  • tomcat8-webapps-0:8.0.36-17.ep7.el6
  • hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7
  • jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7
  • jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7
  • jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7
  • jbcs-httpd24-runtime-0:1-3.jbcs.el7
  • mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7
  • mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7
  • mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7
  • tomcat-native-0:1.2.8-9.redhat_9.ep7.el7
  • tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7
  • tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7
  • tomcat7-0:7.0.70-16.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-16.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-16.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7
  • tomcat7-javadoc-0:7.0.70-16.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7
  • tomcat7-jsvc-0:7.0.70-16.ep7.el7
  • tomcat7-lib-0:7.0.70-16.ep7.el7
  • tomcat7-log4j-0:7.0.70-16.ep7.el7
  • tomcat7-selinux-0:7.0.70-16.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7
  • tomcat7-webapps-0:7.0.70-16.ep7.el7
  • tomcat8-0:8.0.36-17.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-17.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-17.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7
  • tomcat8-javadoc-0:8.0.36-17.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7
  • tomcat8-jsvc-0:8.0.36-17.ep7.el7
  • tomcat8-lib-0:8.0.36-17.ep7.el7
  • tomcat8-log4j-0:8.0.36-17.ep7.el7
  • tomcat8-selinux-0:8.0.36-17.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7
  • tomcat8-webapps-0:8.0.36-17.ep7.el7
  • hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el7
  • ironjacamar-common-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-common-impl-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-common-spi-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-core-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-core-impl-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-deployers-common-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-jdbc-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-spec-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • ironjacamar-validator-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el7
  • jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el7
  • jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el7
  • jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el7
  • jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el7
  • jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el7
  • jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el7
  • jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el7
  • jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el7
  • jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el7
  • picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el7
  • resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el7
  • hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el6
  • ironjacamar-common-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-impl-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-common-spi-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-core-impl-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-deployers-common-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-jdbc-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-spec-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • ironjacamar-validator-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el6
  • jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el6
  • jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el6
  • jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el6
  • jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el6
  • jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el6
  • jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el6
  • jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el6
  • jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el6
  • jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el6
  • picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el6
  • resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el6
  • hornetq-0:2.3.25-21.SP19_redhat_1.1.ep6.el5
  • ironjacamar-common-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-impl-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-common-spi-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-core-impl-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-deployers-common-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-jdbc-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-spec-api-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • ironjacamar-validator-eap6-0:1.0.39-1.Final_redhat_1.1.ep6.el5
  • jboss-as-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-cli-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-client-all-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-clustering-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-cmp-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-connector-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-console-0:2.5.17-1.Final_redhat_1.1.ep6.el5
  • jboss-as-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-controller-client-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-core-security-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-deployment-repository-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-deployment-scanner-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-domain-http-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-domain-management-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-ee-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-ee-deployment-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-ejb3-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-embedded-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-host-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jacorb-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jaxr-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jaxrs-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jdr-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jpa-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jsf-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-jsr77-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-logging-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-mail-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-management-client-content-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-messaging-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-modcluster-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-naming-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-network-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-osgi-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-osgi-configadmin-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-osgi-service-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-picketlink-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-platform-mbean-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-pojo-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-process-controller-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-protocol-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-remoting-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-sar-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-security-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-server-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-system-jmx-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-threads-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-transactions-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-version-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-web-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-webservices-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-weld-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-as-xts-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jboss-hal-0:2.5.17-1.Final_redhat_1.1.ep6.el5
  • jboss-logmanager-0:1.5.7-1.Final_redhat_1.1.ep6.el5
  • jboss-marshalling-0:1.4.10-2.SP2_redhat_1.1.ep6.el5
  • jboss-modules-0:1.3.9-1.Final_redhat_1.1.ep6.el5
  • jbossas-appclient-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-bundles-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-core-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-domain-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-javadocs-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-modules-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-product-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-standalone-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossas-welcome-content-eap-0:7.5.16-1.Final_redhat_1.1.ep6.el5
  • jbossts-1:4.17.42-1.Final_redhat_1.1.ep6.el5
  • jbossweb-0:7.5.23-1.Final_redhat_1.1.ep6.el5
  • jgroups-1:3.2.17-1.Final_redhat_1.1.ep6.el5
  • picketbox-0:4.1.6-1.Final_redhat_1.1.ep6.el5
  • resteasy-0:2.3.20-1.Final_redhat_1.1.ep6.el5
  • jboss-ec2-eap-0:7.5.16-1.Final_redhat_1.ep6.el6
  • jboss-ec2-eap-samples-0:7.5.16-1.Final_redhat_1.ep6.el6
  • tomcat-0:7.0.76-2.el7
  • tomcat-admin-webapps-0:7.0.76-2.el7
  • tomcat-docs-webapp-0:7.0.76-2.el7
  • tomcat-el-2.2-api-0:7.0.76-2.el7
  • tomcat-javadoc-0:7.0.76-2.el7
  • tomcat-jsp-2.2-api-0:7.0.76-2.el7
  • tomcat-jsvc-0:7.0.76-2.el7
  • tomcat-lib-0:7.0.76-2.el7
  • tomcat-servlet-3.0-api-0:7.0.76-2.el7
  • tomcat-webapps-0:7.0.76-2.el7
refmap via4
bid 93942
confirm https://security.netapp.com/advisory/ntap-20180605-0001/
debian DSA-3720
misc http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html
mlist
  • [announce] 20161027 [SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass
  • [tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
sectrack
  • 1037142
  • 1038757
Last major update 05-10-2020 - 22:15
Published 10-08-2017 - 16:29
Last modified 05-10-2020 - 22:15
Back to Top