gsd-2018-1336
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
Aliases
Aliases
{ GSD: { alias: "CVE-2018-1336", description: "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.", id: "GSD-2018-1336", references: [ "https://www.suse.com/security/cve/CVE-2018-1336.html", "https://www.debian.org/security/2018/dsa-4281", "https://access.redhat.com/errata/RHSA-2018:3768", "https://access.redhat.com/errata/RHSA-2018:2945", "https://access.redhat.com/errata/RHSA-2018:2939", "https://access.redhat.com/errata/RHSA-2018:2930", "https://access.redhat.com/errata/RHSA-2018:2921", "https://access.redhat.com/errata/RHSA-2018:2743", "https://access.redhat.com/errata/RHSA-2018:2742", "https://access.redhat.com/errata/RHSA-2018:2741", "https://access.redhat.com/errata/RHSA-2018:2740", "https://access.redhat.com/errata/RHSA-2018:2701", "https://access.redhat.com/errata/RHSA-2018:2700", "https://access.redhat.com/errata/RHEA-2018:2189", "https://access.redhat.com/errata/RHEA-2018:2188", "https://ubuntu.com/security/CVE-2018-1336", "https://advisories.mageia.org/CVE-2018-1336.html", "https://alas.aws.amazon.com/cve/html/CVE-2018-1336.html", "https://linux.oracle.com/cve/CVE-2018-1336.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2018-1336", ], details: "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.", id: "GSD-2018-1336", modified: "2023-12-13T01:22:37.515214Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2018-07-22T00:00:00", ID: "CVE-2018-1336", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Tomcat", version: { version_data: [ { version_value: "9.0.0.M9 to 9.0.7", }, { version_value: "8.5.0 to 8.5.30", }, { version_value: "8.0.0.RC1 to 8.0.51", }, { version_value: "7.0.28 to 7.0.86", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, ], }, references: { reference_data: [ { name: "USN-3723-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3723-1/", }, { name: "104898", refsource: "BID", url: "http://www.securityfocus.com/bid/104898", }, { name: "RHSA-2018:2740", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { name: "RHSA-2018:2741", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { name: "RHSA-2018:2921", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2921", }, { name: "RHSA-2018:2742", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { name: "DSA-4281", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4281", }, { name: "RHSA-2018:2945", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2945", }, { name: "RHSA-2018:2939", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { name: "RHSA-2018:2701", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2701", }, { name: "https://security.netapp.com/advisory/ntap-20180817-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180817-0001/", }, { name: "RHEA-2018:2188", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHEA-2018:2188", }, { name: "[www-announce] 20180722 [SECURITY] CVE-2018-1336 Apache Tomcat - Denial of Service", refsource: "MLIST", url: "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E", }, { name: "RHEA-2018:2189", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHEA-2018:2189", }, { name: "RHSA-2018:2743", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { name: "RHSA-2018:2700", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2700", }, { name: "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html", }, { name: "RHSA-2018:3768", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { name: "RHSA-2018:2930", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:2930", }, { name: "1041375", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041375", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", }, { name: "https://support.f5.com/csp/article/K73008537?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K73008537?utm_source=f5support&utm_medium=RSS", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[9.0.0,9.0.7],[8.5.0,8.5.31),[8.0.0,8.0.51),[7.0.28,7.0.87)", affected_versions: "All versions starting from 9.0.0 up to 9.0.7, all versions starting from 8.5.0 before 8.5.31, all versions starting from 8.0.0 before 8.0.51, all versions starting from 7.0.28 before 7.0.87", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-835", "CWE-937", ], date: "2021-09-14", description: "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.", fixed_versions: [ "9.0.8", "9.0.8", "9.0.8", "9.0.8", "8.0.51", "7.0.87", ], identifier: "CVE-2018-1336", identifiers: [ "GHSA-m59c-jpc8-m2x4", "CVE-2018-1336", ], not_impacted: "All versions before 9.0.0, all versions after 9.0.7, all versions before 8.5.0, all versions starting from 8.5.31, all versions before 8.0.0, all versions starting from 8.0.51, all versions before 7.0.28, all versions starting from 7.0.87", package_slug: "maven/org.apache.tomcat.embed/tomcat-embed-core", pubdate: "2018-10-17", solution: "Upgrade to versions 9.0.8, 9.0.8, 9.0.8, 9.0.8, 8.0.51, 7.0.87 or above.", title: "Loop with Unreachable Exit Condition ('Infinite Loop')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1336", "https://access.redhat.com/errata/RHEA-2018:2188", "https://access.redhat.com/errata/RHEA-2018:2189", "https://access.redhat.com/errata/RHSA-2018:2700", "https://access.redhat.com/errata/RHSA-2018:2701", "https://access.redhat.com/errata/RHSA-2018:2740", "https://access.redhat.com/errata/RHSA-2018:2741", "https://access.redhat.com/errata/RHSA-2018:2742", "https://access.redhat.com/errata/RHSA-2018:2743", "https://access.redhat.com/errata/RHSA-2018:2921", "https://access.redhat.com/errata/RHSA-2018:2930", "https://access.redhat.com/errata/RHSA-2018:2939", "https://access.redhat.com/errata/RHSA-2018:2945", "https://access.redhat.com/errata/RHSA-2018:3768", "https://github.com/advisories/GHSA-m59c-jpc8-m2x4", "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html", "https://security.netapp.com/advisory/ntap-20180817-0001/", "https://support.f5.com/csp/article/K73008537?utm_source=f5support&utm_medium=RSS", "https://usn.ubuntu.com/3723-1/", "https://www.debian.org/security/2018/dsa-4281", "https://www.oracle.com/security-alerts/cpuapr2020.html", "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E", "http://www.securityfocus.com/bid/104898", "http://www.securitytracker.com/id/1041375", ], uuid: "b583674b-d58e-44ce-bf03-6a6e0960117e", }, { affected_range: "[,7.0.88), [8.0.0, 8.0.52), [8.5.0, 8.5.31), [9.0.0.M1, 9.0.8)", affected_versions: "All versions before 7.0.88, all versions starting from 8.0.0 before 8.0.52, all versions starting from 8.5.0 before 8.5.31, all versions starting from 9.0.0.m1 before 9.0.8", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-835", "CWE-937", ], date: "2019-10-02", description: "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.", fixed_versions: [ "7.0.88", "8.0.52", "8.5.31", "9.0.8", ], identifier: "CVE-2018-1336", identifiers: [ "CVE-2018-1336", ], not_impacted: "All versions starting from 7.0.88 before 8.0.0, all versions starting from 8.0.52 before 8.5.0, all versions starting from 8.5.31 before 9.0.0.m1, all versions starting from 9.0.8", package_slug: "maven/org.apache.tomcat/tomcat-util", pubdate: "2018-08-02", solution: "Upgrade to versions 7.0.88, 8.0.52, 8.5.31, 9.0.8 or above.", title: "Denial of Service", urls: [ "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.88", "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53", "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.31", "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.8", ], uuid: "d553ee10-6c3f-4455-962c-5d69944fcddd", }, { affected_range: "[7.0.28,7.0.86],[8.0.0,8.0.51],[8.5.0,8.5.30],[9.0.0,9.0.7]", affected_versions: "All versions starting from 7.0.28 up to 7.0.86, all versions starting from 8.0.0 up to 8.0.51, all versions starting from 8.5.0 up to 8.5.30, all versions starting from 9.0.0 up to 9.0.7", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:N/A:P", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", cwe_ids: [ "CWE-1035", "CWE-835", "CWE-937", ], date: "2020-03-03", description: "An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.", fixed_versions: [ "7.0.88", "8.0.52", "8.5.31", "9.0.8", ], identifier: "CVE-2018-1336", identifiers: [ "CVE-2018-1336", ], not_impacted: "All versions before 7.0.28, all versions after 7.0.86 before 8.0.0, all versions after 8.0.51 before 8.5.0, all versions after 8.5.30 before 9.0.0, all versions after 9.0.7", package_slug: "maven/org.apache.tomcat/tomcat", pubdate: "2018-08-02", solution: "Upgrade to versions 7.0.88, 8.0.52, 8.5.31, 9.0.8 or above.", title: "Loop with Unreachable Exit Condition (Infinite Loop)", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1336", "http://www.securityfocus.com/bid/104898", "http://www.securitytracker.com/id/1041375", ], uuid: "dc59d55a-34cd-4d4c-921e-dace84368c20", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc9:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc7:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc8:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:8.0.0:rc4:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.0.51", versionStartIncluding: "8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.5.30", versionStartIncluding: "8.5.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "9.0.7", versionStartIncluding: "9.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "7.0.86", versionStartIncluding: "7.0.28", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2018-1336", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-835", }, ], }, ], }, references: { reference_data: [ { name: "[www-announce] 20180722 [SECURITY] CVE-2018-1336 Apache Tomcat - Denial of Service", refsource: "MLIST", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090435.GA60759%40minotaur.apache.org%3E", }, { name: "USN-3723-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3723-1/", }, { name: "1041375", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041375", }, { name: "104898", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104898", }, { name: "RHEA-2018:2189", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHEA-2018:2189", }, { name: "RHEA-2018:2188", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHEA-2018:2188", }, { name: "https://security.netapp.com/advisory/ntap-20180817-0001/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20180817-0001/", }, { name: "DSA-4281", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4281", }, { name: "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update", refsource: "MLIST", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html", }, { name: "RHSA-2018:2701", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2701", }, { name: "RHSA-2018:2700", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2700", }, { name: "RHSA-2018:2743", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2743", }, { name: "RHSA-2018:2742", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2742", }, { name: "RHSA-2018:2741", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2741", }, { name: "RHSA-2018:2740", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2740", }, { name: "RHSA-2018:2930", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2930", }, { name: "RHSA-2018:2921", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2921", }, { name: "RHSA-2018:2945", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2945", }, { name: "RHSA-2018:2939", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:2939", }, { name: "RHSA-2018:3768", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2018:3768", }, { name: "N/A", refsource: "N/A", tags: [], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://support.f5.com/csp/article/K73008537?utm_source=f5support&%3Butm_medium=RSS", refsource: "", tags: [], url: "https://support.f5.com/csp/article/K73008537?utm_source=f5support&%3Butm_medium=RSS", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", refsource: "", tags: [], url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2023-12-08T16:41Z", publishedDate: "2018-08-02T14:29Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.