ID CVE-2016-5388
Summary Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:-:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:-:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.0.1.104:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.0.1.104:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.0.2.106:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.0.2.106:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.0-103:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.0-103\(a\):*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.0-109:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.0-118:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.0.121:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.0.121:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.2-127:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.2.127:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.2.127:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.3.132:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.4-143:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.4.143:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.4.143:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.5-146:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.5.146:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.5.146:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.5.146:b:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.6-156:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.6.156:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.6.156:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.7-168:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.7.168:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.7.168:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.8-177:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.8.179:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.8.179:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.9-178:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.10-186:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.10.186:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.10.186:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.10.186:b:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.10.186:c:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.11-197:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.11.197:a:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.12-118:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.12-200:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.12.201:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.12.201:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.14.20:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.14.20:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.15-210:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.1.15.210:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.1.15.210:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.0-68:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.0-68:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.1-73:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.1-73:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.1.73:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.1.73:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.2-77:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.2-77:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.2.77:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.2.77:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.0.2.77:b:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.0.2.77:b:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:3.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:3.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.0.0-95:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.0.0-95:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.0.0.96:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.0.0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.1.0-103:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.1.0-103:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.1.0.102:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.1.0.102:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:6.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:system_management_homepage:7.5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:hp:system_management_homepage:7.5.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 13-08-2019 - 22:15)
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2016:1624
  • rhsa
    id RHSA-2016:1635
  • rhsa
    id RHSA-2016:1636
  • rhsa
    id RHSA-2016:2045
  • rhsa
    id RHSA-2016:2046
rpms
  • tomcat6-0:6.0.24-98.el6_8
  • tomcat6-admin-webapps-0:6.0.24-98.el6_8
  • tomcat6-docs-webapp-0:6.0.24-98.el6_8
  • tomcat6-el-2.1-api-0:6.0.24-98.el6_8
  • tomcat6-javadoc-0:6.0.24-98.el6_8
  • tomcat6-jsp-2.1-api-0:6.0.24-98.el6_8
  • tomcat6-lib-0:6.0.24-98.el6_8
  • tomcat6-servlet-2.5-api-0:6.0.24-98.el6_8
  • tomcat6-webapps-0:6.0.24-98.el6_8
  • tomcat-0:7.0.54-8.el7_2
  • tomcat-admin-webapps-0:7.0.54-8.el7_2
  • tomcat-docs-webapp-0:7.0.54-8.el7_2
  • tomcat-el-2.2-api-0:7.0.54-8.el7_2
  • tomcat-javadoc-0:7.0.54-8.el7_2
  • tomcat-jsp-2.2-api-0:7.0.54-8.el7_2
  • tomcat-jsvc-0:7.0.54-8.el7_2
  • tomcat-lib-0:7.0.54-8.el7_2
  • tomcat-servlet-3.0-api-0:7.0.54-8.el7_2
  • tomcat-webapps-0:7.0.54-8.el7_2
refmap via4
bid 91818
cert-vn VU#797896
confirm
misc https://httpoxy.org/
sectrack 1036331
suse openSUSE-SU-2016:2252
Last major update 13-08-2019 - 22:15
Published 19-07-2016 - 02:00
Back to Top