ID CVE-2018-8014
Summary The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.76:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.77:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.78:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.78:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.79:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.80:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.81:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.82:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.83:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.84:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.84:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.85:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.85:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.86:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.86:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.87:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.87:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0.88:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:7.0.88:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vmware_vsphere:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:7.3:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:vsphere:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.4:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:linux:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vsphere:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
    cpe:2.3:a:netapp:oncommand_unified_manager:9.5:*:*:*:*:windows:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-1188
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:2469
  • rhsa
    id RHSA-2018:2470
  • rhsa
    id RHSA-2018:3768
  • rhsa
    id RHSA-2019:0450
  • rhsa
    id RHSA-2019:0451
  • rhsa
    id RHSA-2019:1529
  • rhsa
    id RHSA-2019:2205
rpms
  • tomcat-native-0:1.2.17-17.redhat_17.ep7.el6
  • tomcat-native-0:1.2.17-17.redhat_17.ep7.el7
  • tomcat-native-debuginfo-0:1.2.17-17.redhat_17.ep7.el6
  • tomcat-native-debuginfo-0:1.2.17-17.redhat_17.ep7.el7
  • tomcat7-0:7.0.70-27.ep7.el6
  • tomcat7-0:7.0.70-27.ep7.el7
  • tomcat7-admin-webapps-0:7.0.70-27.ep7.el6
  • tomcat7-admin-webapps-0:7.0.70-27.ep7.el7
  • tomcat7-docs-webapp-0:7.0.70-27.ep7.el6
  • tomcat7-docs-webapp-0:7.0.70-27.ep7.el7
  • tomcat7-el-2.2-api-0:7.0.70-27.ep7.el6
  • tomcat7-el-2.2-api-0:7.0.70-27.ep7.el7
  • tomcat7-javadoc-0:7.0.70-27.ep7.el6
  • tomcat7-javadoc-0:7.0.70-27.ep7.el7
  • tomcat7-jsp-2.2-api-0:7.0.70-27.ep7.el6
  • tomcat7-jsp-2.2-api-0:7.0.70-27.ep7.el7
  • tomcat7-jsvc-0:7.0.70-27.ep7.el6
  • tomcat7-jsvc-0:7.0.70-27.ep7.el7
  • tomcat7-lib-0:7.0.70-27.ep7.el6
  • tomcat7-lib-0:7.0.70-27.ep7.el7
  • tomcat7-log4j-0:7.0.70-27.ep7.el6
  • tomcat7-log4j-0:7.0.70-27.ep7.el7
  • tomcat7-selinux-0:7.0.70-27.ep7.el6
  • tomcat7-selinux-0:7.0.70-27.ep7.el7
  • tomcat7-servlet-3.0-api-0:7.0.70-27.ep7.el6
  • tomcat7-servlet-3.0-api-0:7.0.70-27.ep7.el7
  • tomcat7-webapps-0:7.0.70-27.ep7.el6
  • tomcat7-webapps-0:7.0.70-27.ep7.el7
  • tomcat8-0:8.0.36-31.ep7.el6
  • tomcat8-0:8.0.36-31.ep7.el7
  • tomcat8-admin-webapps-0:8.0.36-31.ep7.el6
  • tomcat8-admin-webapps-0:8.0.36-31.ep7.el7
  • tomcat8-docs-webapp-0:8.0.36-31.ep7.el6
  • tomcat8-docs-webapp-0:8.0.36-31.ep7.el7
  • tomcat8-el-2.2-api-0:8.0.36-31.ep7.el6
  • tomcat8-el-2.2-api-0:8.0.36-31.ep7.el7
  • tomcat8-javadoc-0:8.0.36-31.ep7.el6
  • tomcat8-javadoc-0:8.0.36-31.ep7.el7
  • tomcat8-jsp-2.3-api-0:8.0.36-31.ep7.el6
  • tomcat8-jsp-2.3-api-0:8.0.36-31.ep7.el7
  • tomcat8-jsvc-0:8.0.36-31.ep7.el6
  • tomcat8-jsvc-0:8.0.36-31.ep7.el7
  • tomcat8-lib-0:8.0.36-31.ep7.el6
  • tomcat8-lib-0:8.0.36-31.ep7.el7
  • tomcat8-log4j-0:8.0.36-31.ep7.el6
  • tomcat8-log4j-0:8.0.36-31.ep7.el7
  • tomcat8-selinux-0:8.0.36-31.ep7.el6
  • tomcat8-selinux-0:8.0.36-31.ep7.el7
  • tomcat8-servlet-3.1-api-0:8.0.36-31.ep7.el6
  • tomcat8-servlet-3.1-api-0:8.0.36-31.ep7.el7
  • tomcat8-webapps-0:8.0.36-31.ep7.el6
  • tomcat8-webapps-0:8.0.36-31.ep7.el7
  • jws5-ecj-0:4.6.1-6.redhat_1.1.el6jws
  • jws5-ecj-0:4.6.1-6.redhat_1.1.el7jws
  • jws5-javapackages-tools-0:3.4.1-5.15.10.el6jws
  • jws5-javapackages-tools-0:3.4.1-5.15.10.el7jws
  • jws5-jboss-logging-0:3.3.1-5.Final_redhat_1.1.el6jws
  • jws5-jboss-logging-0:3.3.1-5.Final_redhat_1.1.el7jws
  • jws5-mod_cluster-0:1.4.0-9.Final_redhat_1.1.el6jws
  • jws5-mod_cluster-0:1.4.0-9.Final_redhat_1.1.el7jws
  • jws5-mod_cluster-tomcat-0:1.4.0-9.Final_redhat_1.1.el6jws
  • jws5-mod_cluster-tomcat-0:1.4.0-9.Final_redhat_1.1.el7jws
  • jws5-python-javapackages-0:3.4.1-5.15.10.el6jws
  • jws5-python-javapackages-0:3.4.1-5.15.10.el7jws
  • jws5-tomcat-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-admin-webapps-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-admin-webapps-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-docs-webapp-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-docs-webapp-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-el-3.0-api-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-el-3.0-api-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-javadoc-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-javadoc-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-jsp-2.3-api-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-jsp-2.3-api-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-jsvc-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-jsvc-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-lib-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-lib-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-native-0:1.2.17-26.redhat_26.el6jws
  • jws5-tomcat-native-0:1.2.17-26.redhat_26.el7jws
  • jws5-tomcat-native-debuginfo-0:1.2.17-26.redhat_26.el6jws
  • jws5-tomcat-native-debuginfo-0:1.2.17-26.redhat_26.el7jws
  • jws5-tomcat-selinux-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-selinux-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-servlet-4.0-api-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-servlet-4.0-api-0:9.0.7-17.redhat_16.1.el7jws
  • jws5-tomcat-vault-0:1.1.7-5.Final_redhat_2.1.el6jws
  • jws5-tomcat-vault-0:1.1.7-5.Final_redhat_2.1.el7jws
  • jws5-tomcat-vault-javadoc-0:1.1.7-5.Final_redhat_2.1.el6jws
  • jws5-tomcat-vault-javadoc-0:1.1.7-5.Final_redhat_2.1.el7jws
  • jws5-tomcat-webapps-0:9.0.7-17.redhat_16.1.el6jws
  • jws5-tomcat-webapps-0:9.0.7-17.redhat_16.1.el7jws
  • apache-commons-collections-0:3.2.2-10.module+el8.0.0+3248+9d514f3b
  • apache-commons-lang-0:2.6-21.module+el8.0.0+3248+9d514f3b
  • bea-stax-api-0:1.2.0-16.module+el8.0.0+3248+9d514f3b
  • glassfish-fastinfoset-0:1.2.13-9.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-api-0:2.2.12-8.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-core-0:2.2.11-11.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-runtime-0:2.2.11-11.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-txw2-0:2.2.11-11.module+el8.0.0+3248+9d514f3b
  • jackson-annotations-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-core-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-databind-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-jaxrs-json-provider-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-jaxrs-providers-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.0.0+3248+9d514f3b
  • jakarta-commons-httpclient-1:3.1-28.module+el8.0.0+3248+9d514f3b
  • javassist-0:3.18.1-8.module+el8.0.0+3248+9d514f3b
  • javassist-javadoc-0:3.18.1-8.module+el8.0.0+3248+9d514f3b
  • pki-servlet-4.0-api-1:9.0.7-14.module+el8.0.0+3248+9d514f3b
  • pki-servlet-container-1:9.0.7-14.module+el8.0.0+3248+9d514f3b
  • python-nss-debugsource-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • python-nss-doc-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • python3-nss-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • python3-nss-debuginfo-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • relaxngDatatype-0:2011.1-7.module+el8.0.0+3248+9d514f3b
  • resteasy-0:3.0.26-3.module+el8.0.0+3248+9d514f3b
  • slf4j-0:1.7.25-4.module+el8.0.0+3248+9d514f3b
  • slf4j-jdk14-0:1.7.25-4.module+el8.0.0+3248+9d514f3b
  • stax-ex-0:1.7.7-8.module+el8.0.0+3248+9d514f3b
  • velocity-0:1.7-24.module+el8.0.0+3248+9d514f3b
  • xalan-j2-0:2.7.1-38.module+el8.0.0+3248+9d514f3b
  • xerces-j2-0:2.11.0-34.module+el8.0.0+3248+9d514f3b
  • xml-commons-apis-0:1.4.01-25.module+el8.0.0+3248+9d514f3b
  • xml-commons-resolver-0:1.2-26.module+el8.0.0+3248+9d514f3b
  • xmlstreambuffer-0:1.5.4-8.module+el8.0.0+3248+9d514f3b
  • xsom-0:0-19.20110809svn.module+el8.0.0+3248+9d514f3b
  • tomcat-0:7.0.76-9.el7
  • tomcat-admin-webapps-0:7.0.76-9.el7
  • tomcat-docs-webapp-0:7.0.76-9.el7
  • tomcat-el-2.2-api-0:7.0.76-9.el7
  • tomcat-javadoc-0:7.0.76-9.el7
  • tomcat-jsp-2.2-api-0:7.0.76-9.el7
  • tomcat-jsvc-0:7.0.76-9.el7
  • tomcat-lib-0:7.0.76-9.el7
  • tomcat-servlet-3.0-api-0:7.0.76-9.el7
  • tomcat-webapps-0:7.0.76-9.el7
refmap via4
bid 104203
bugtraq 20191229 [SECURITY] [DSA 4596-1] tomcat8 security update
confirm
debian DSA-4596
misc https://www.oracle.com/security-alerts/cpuapr2020.html
mlist
  • [activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.
  • [debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update
  • [debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update
  • [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/
sectrack
  • 1040998
  • 1041888
ubuntu USN-3665-1
Last major update 03-10-2019 - 00:03
Published 16-05-2018 - 16:29
Last modified 03-10-2019 - 00:03
Back to Top