ID CVE-2018-8037
Summary If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:9.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 15-04-2019 - 16:31)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity NONE
  • Availability NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1636512
    title CVE-2018-11784 tomcat: Open redirect in default servlet
    rhsa
    id RHSA-2019:1529
    released 2019-06-18
    severity Important
    title RHSA-2019:1529: pki-deps:10.6 security update (Important)
  • rhsa
    id RHSA-2018:2867
  • rhsa
    id RHSA-2018:2868
rpms
  • jws5-tomcat-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-admin-webapps-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-admin-webapps-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-docs-webapp-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-docs-webapp-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-el-3.0-api-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-el-3.0-api-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-javadoc-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-javadoc-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-jsp-2.3-api-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-jsp-2.3-api-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-jsvc-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-jsvc-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-lib-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-lib-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-selinux-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-selinux-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-servlet-4.0-api-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-servlet-4.0-api-0:9.0.7-12.redhat_12.1.el7jws
  • jws5-tomcat-webapps-0:9.0.7-12.redhat_12.1.el6jws
  • jws5-tomcat-webapps-0:9.0.7-12.redhat_12.1.el7jws
  • apache-commons-collections-0:3.2.2-10.module+el8.0.0+3248+9d514f3b
  • apache-commons-lang-0:2.6-21.module+el8.0.0+3248+9d514f3b
  • bea-stax-api-0:1.2.0-16.module+el8.0.0+3248+9d514f3b
  • glassfish-fastinfoset-0:1.2.13-9.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-api-0:2.2.12-8.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-core-0:2.2.11-11.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-runtime-0:2.2.11-11.module+el8.0.0+3248+9d514f3b
  • glassfish-jaxb-txw2-0:2.2.11-11.module+el8.0.0+3248+9d514f3b
  • jackson-annotations-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-core-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-databind-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-jaxrs-json-provider-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-jaxrs-providers-0:2.9.8-1.module+el8.0.0+3248+9d514f3b
  • jackson-module-jaxb-annotations-0:2.7.6-4.module+el8.0.0+3248+9d514f3b
  • jakarta-commons-httpclient-1:3.1-28.module+el8.0.0+3248+9d514f3b
  • javassist-0:3.18.1-8.module+el8.0.0+3248+9d514f3b
  • javassist-javadoc-0:3.18.1-8.module+el8.0.0+3248+9d514f3b
  • pki-servlet-4.0-api-1:9.0.7-14.module+el8.0.0+3248+9d514f3b
  • pki-servlet-container-1:9.0.7-14.module+el8.0.0+3248+9d514f3b
  • python-nss-debugsource-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • python-nss-doc-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • python3-nss-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • python3-nss-debuginfo-0:1.0.1-10.module+el8.0.0+3248+9d514f3b
  • relaxngDatatype-0:2011.1-7.module+el8.0.0+3248+9d514f3b
  • resteasy-0:3.0.26-3.module+el8.0.0+3248+9d514f3b
  • slf4j-0:1.7.25-4.module+el8.0.0+3248+9d514f3b
  • slf4j-jdk14-0:1.7.25-4.module+el8.0.0+3248+9d514f3b
  • stax-ex-0:1.7.7-8.module+el8.0.0+3248+9d514f3b
  • velocity-0:1.7-24.module+el8.0.0+3248+9d514f3b
  • xalan-j2-0:2.7.1-38.module+el8.0.0+3248+9d514f3b
  • xerces-j2-0:2.11.0-34.module+el8.0.0+3248+9d514f3b
  • xml-commons-apis-0:1.4.01-25.module+el8.0.0+3248+9d514f3b
  • xml-commons-resolver-0:1.2-26.module+el8.0.0+3248+9d514f3b
  • xmlstreambuffer-0:1.5.4-8.module+el8.0.0+3248+9d514f3b
  • xsom-0:0-19.20110809svn.module+el8.0.0+3248+9d514f3b
refmap via4
bid 104894
confirm
debian DSA-4281
misc
mlist
  • [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
  • [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/
  • [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
  • [tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/
  • [tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/
  • [tomcat-users] 20191001 Additional Information on Apache Tomcat CVE-2018-8037
  • [tomcat-users] 20191001 Re: Additional Information on Apache Tomcat CVE-2018-8037
  • [www-announce] 20180722 [SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure
  • [www-announce] 20180809 [UPDATE][SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure
sectrack 1041376
Last major update 15-04-2019 - 16:31
Published 02-08-2018 - 14:29
Last modified 15-04-2019 - 16:31