csaf_redhat - rhsa-2019

rhsa-2019_2205

Vulnerability from csaf_redhat

Published

2019-08-06 13:01

Modified

2024-11-22 12:10

Summary

Red Hat Security Advisory: tomcat security, bug fix, and enhancement update

Notes

Topic

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304) * tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305) * tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014) * tomcat: Host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://access.redhat.com/security/updates/classification/",
         text: "Moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright © Red Hat, Inc. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
            title: "Topic",
         },
         {
            category: "general",
            text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)\n\n* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)\n\n* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.",
            title: "Details",
         },
         {
            category: "legal_disclaimer",
            text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
            title: "Terms of Use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://access.redhat.com/security/team/contact/",
         issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
         name: "Red Hat Product Security",
         namespace: "https://www.redhat.com",
      },
      references: [
         {
            category: "self",
            summary: "https://access.redhat.com/errata/RHSA-2019:2205",
            url: "https://access.redhat.com/errata/RHSA-2019:2205",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/security/updates/classification/#moderate",
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index",
         },
         {
            category: "external",
            summary: "1472950",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1472950",
         },
         {
            category: "external",
            summary: "1548282",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548282",
         },
         {
            category: "external",
            summary: "1548289",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548289",
         },
         {
            category: "external",
            summary: "1579611",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1579611",
         },
         {
            category: "external",
            summary: "1588703",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1588703",
         },
         {
            category: "external",
            summary: "1607580",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580",
         },
         {
            category: "self",
            summary: "Canonical URL",
            url: "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2205.json",
         },
      ],
      title: "Red Hat Security Advisory: tomcat security, bug fix, and enhancement update",
      tracking: {
         current_release_date: "2024-11-22T12:10:24+00:00",
         generator: {
            date: "2024-11-22T12:10:24+00:00",
            engine: {
               name: "Red Hat SDEngine",
               version: "4.2.1",
            },
         },
         id: "RHSA-2019:2205",
         initial_release_date: "2019-08-06T13:01:58+00:00",
         revision_history: [
            {
               date: "2019-08-06T13:01:58+00:00",
               number: "1",
               summary: "Initial version",
            },
            {
               date: "2019-08-06T13:01:58+00:00",
               number: "2",
               summary: "Last updated version",
            },
            {
               date: "2024-11-22T12:10:24+00:00",
               number: "3",
               summary: "Last generated version",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Client (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Client (v. 7)",
                           product_id: "7Client-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Client Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Client Optional (v. 7)",
                           product_id: "7Client-optional-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux ComputeNode (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux ComputeNode (v. 7)",
                           product_id: "7ComputeNode-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                           product_id: "7ComputeNode-optional-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Server (v. 7)",
                           product_id: "7Server-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Server Optional (v. 7)",
                           product_id: "7Server-optional-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation (v. 7)",
                           product_id: "7Workstation-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::workstation",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                           product_id: "7Workstation-optional-7.7",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::workstation",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "Red Hat Enterprise Linux",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-javadoc@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-docs-webapp@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-jsvc@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-lib-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-lib-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-lib-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-lib@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-webapps-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-webapps-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-webapps-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-webapps@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                        product: {
                           name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                           product_id: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-admin-webapps@7.0.76-9.el7?arch=noarch",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat-0:7.0.76-9.el7.src",
                        product: {
                           name: "tomcat-0:7.0.76-9.el7.src",
                           product_id: "tomcat-0:7.0.76-9.el7.src",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat@7.0.76-9.el7?arch=src",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "src",
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Client-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Server-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-9.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-9.el7.src",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-9.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-9.el7.noarch",
            relates_to_product_reference: "7Workstation-optional-7.7",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2018-1304",
         cwe: {
            id: "CWE-284",
            name: "Improper Access Control",
         },
         discovery_date: "2018-02-23T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1548289",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2018-1304",
            },
            {
               category: "external",
               summary: "RHBZ#1548289",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548289",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2018-1304",
               url: "https://www.cve.org/CVERecord?id=CVE-2018-1304",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1304",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1304",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28",
            },
         ],
         release_date: "2018-01-31T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2019-08-06T13:01:58+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources",
      },
      {
         cve: "CVE-2018-1305",
         cwe: {
            id: "CWE-284",
            name: "Improper Access Control",
         },
         discovery_date: "2018-02-23T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1548282",
            },
         ],
         notes: [
            {
               category: "description",
               text: "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: Late application of security constraints can lead to resource exposure for unauthorised users",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2018-1305",
            },
            {
               category: "external",
               summary: "RHBZ#1548282",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1548282",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2018-1305",
               url: "https://www.cve.org/CVERecord?id=CVE-2018-1305",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-1305",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2018-1305",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28",
            },
         ],
         release_date: "2018-02-23T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2019-08-06T13:01:58+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: Late application of security constraints can lead to resource exposure for unauthorised users",
      },
      {
         cve: "CVE-2018-8014",
         cwe: {
            id: "CWE-284",
            name: "Improper Access Control",
         },
         discovery_date: "2018-05-18T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1579611",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2018-8014",
            },
            {
               category: "external",
               summary: "RHBZ#1579611",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1579611",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2018-8014",
               url: "https://www.cve.org/CVERecord?id=CVE-2018-8014",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8014",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8014",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89",
               url: "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53",
               url: "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32",
               url: "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32",
            },
            {
               category: "external",
               summary: "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.9",
               url: "http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.9",
            },
         ],
         release_date: "2018-05-17T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2019-08-06T13:01:58+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
            {
               category: "workaround",
               details: "When using the CORS filter, it is recommended to configure it explicitly for your environment.  In particular, the combination of `cors.allowed.origins = *` and `cors.support.credentials = True` should be avoided as this  can leave your application vulnerable to cross-site scripting (XSS). For details on configuring CORS filter, please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter",
               product_ids: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Moderate",
            },
         ],
         title: "tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins",
      },
      {
         cve: "CVE-2018-8034",
         cwe: {
            id: "CWE-20",
            name: "Improper Input Validation",
         },
         discovery_date: "2018-07-22T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1607580",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: Host name verification missing in WebSocket client",
               title: "Vulnerability summary",
            },
            {
               category: "other",
               text: "Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.",
               title: "Statement",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
               "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
               "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2018-8034",
            },
            {
               category: "external",
               summary: "RHBZ#1607580",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1607580",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2018-8034",
               url: "https://www.cve.org/CVERecord?id=CVE-2018-8034",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2018-8034",
            },
         ],
         release_date: "2018-07-22T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2019-08-06T13:01:58+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Client-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Client-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7ComputeNode-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7ComputeNode-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Server-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Server-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-0:7.0.76-9.el7.src",
                  "7Workstation-optional-7.7:tomcat-admin-webapps-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-docs-webapp-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-el-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-javadoc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsp-2.2-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-jsvc-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-lib-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-servlet-3.0-api-0:7.0.76-9.el7.noarch",
                  "7Workstation-optional-7.7:tomcat-webapps-0:7.0.76-9.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: Host name verification missing in WebSocket client",
      },
   ],
}

cve-2018-8014

Vulnerability from cvelistv5

Published

2018-05-16 16:00

Modified

2024-08-05 06:46

Severity ?

Summary

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

References

▼	URL	Tags
	http://tomcat.apache.org/security-9.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:0451	vendor-advisory, x_refsource_REDHAT
	http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2469	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1041888	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/3665-1/	vendor-advisory, x_refsource_UBUNTU
	http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2470	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20181018-0002/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:0450	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1%40%3Cannounce.tomcat.apache.org%3E	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/104203	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1040998	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:3768	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1529	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:2205	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2019/dsa-4596	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Dec/43	mailing-list, x_refsource_BUGTRAQ
	https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.8 Version: 8.5.0 to 8.5.31 Version: 8.0.0.RC1 to 8.0.52 Version: 7.0.41 to 7.0.88

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:46:11.468Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-9.html",
               },
               {
                  name: "RHSA-2019:0451",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0451",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-7.html",
               },
               {
                  name: "RHSA-2018:2469",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2469",
               },
               {
                  name: "1041888",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041888",
               },
               {
                  name: "USN-3665-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3665-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-8.html",
               },
               {
                  name: "RHSA-2018:2470",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2470",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20181018-0002/",
               },
               {
                  name: "RHSA-2019:0450",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0450",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
               },
               {
                  name: "104203",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104203",
               },
               {
                  name: "1040998",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040998",
               },
               {
                  name: "RHSA-2018:3768",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3768",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "RHSA-2019:1529",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1529",
               },
               {
                  name: "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E",
               },
               {
                  name: "RHSA-2019:2205",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2205",
               },
               {
                  name: "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html",
               },
               {
                  name: "DSA-4596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4596",
               },
               {
                  name: "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Dec/43",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.8",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.31",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.52",
                  },
                  {
                     status: "affected",
                     version: "7.0.41 to 7.0.88",
                  },
               ],
            },
         ],
         datePublic: "2018-05-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T21:06:47",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-9.html",
            },
            {
               name: "RHSA-2019:0451",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0451",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-7.html",
            },
            {
               name: "RHSA-2018:2469",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2469",
            },
            {
               name: "1041888",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041888",
            },
            {
               name: "USN-3665-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3665-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-8.html",
            },
            {
               name: "RHSA-2018:2470",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2470",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20181018-0002/",
            },
            {
               name: "RHSA-2019:0450",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0450",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
            },
            {
               name: "104203",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104203",
            },
            {
               name: "1040998",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040998",
            },
            {
               name: "RHSA-2018:3768",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3768",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "RHSA-2019:1529",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1529",
            },
            {
               name: "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E",
            },
            {
               name: "RHSA-2019:2205",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
            {
               name: "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html",
            },
            {
               name: "DSA-4596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4596",
            },
            {
               name: "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Dec/43",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2018-8014",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.8",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.31",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.52",
                                       },
                                       {
                                          version_value: "7.0.41 to 7.0.88",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://tomcat.apache.org/security-9.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-9.html",
                  },
                  {
                     name: "RHSA-2019:0451",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0451",
                  },
                  {
                     name: "http://tomcat.apache.org/security-7.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-7.html",
                  },
                  {
                     name: "RHSA-2018:2469",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2469",
                  },
                  {
                     name: "1041888",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041888",
                  },
                  {
                     name: "USN-3665-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3665-1/",
                  },
                  {
                     name: "http://tomcat.apache.org/security-8.html",
                     refsource: "CONFIRM",
                     url: "http://tomcat.apache.org/security-8.html",
                  },
                  {
                     name: "RHSA-2018:2470",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2470",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20181018-0002/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20181018-0002/",
                  },
                  {
                     name: "RHSA-2019:0450",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0450",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E",
                     refsource: "CONFIRM",
                     url: "https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
                  },
                  {
                     name: "104203",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104203",
                  },
                  {
                     name: "1040998",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040998",
                  },
                  {
                     name: "RHSA-2018:3768",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:3768",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "RHSA-2019:1529",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1529",
                  },
                  {
                     name: "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E",
                  },
                  {
                     name: "RHSA-2019:2205",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2205",
                  },
                  {
                     name: "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html",
                  },
                  {
                     name: "DSA-4596",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4596",
                  },
                  {
                     name: "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Dec/43",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2018-8014",
      datePublished: "2018-05-16T16:00:00",
      dateReserved: "2018-03-09T00:00:00",
      dateUpdated: "2024-08-05T06:46:11.468Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-8034

Vulnerability from cvelistv5

Published

2018-08-01 18:00

Modified

2024-10-21 16:09

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

References

▼	URL	Tags
	https://usn.ubuntu.com/3723-1/	vendor-advisory, x_refsource_UBUNTU
	http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:0451	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2018/dsa-4281	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1041374	vdb-entry, x_refsource_SECTRACK
	https://security.netapp.com/advisory/ntap-20180817-0001/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:0131	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:0130	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0450	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/104895	vdb-entry, x_refsource_BID
	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:1160	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1162	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1159	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1161	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1529	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:2205	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:3892	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.9 Version: 8.5.0 to 8.5.31 Version: 8.0.0.RC1 to 8.0.52 Version: 7.0.35 to 7.0.88

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:46:12.214Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-3723-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3723-1/",
               },
               {
                  name: "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E",
               },
               {
                  name: "RHSA-2019:0451",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0451",
               },
               {
                  name: "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html",
               },
               {
                  name: "DSA-4281",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2018/dsa-4281",
               },
               {
                  name: "1041374",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041374",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180817-0001/",
               },
               {
                  name: "RHSA-2019:0131",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0131",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  name: "RHSA-2019:0130",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0130",
               },
               {
                  name: "RHSA-2019:0450",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0450",
               },
               {
                  name: "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html",
               },
               {
                  name: "104895",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104895",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  name: "RHSA-2019:1160",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1160",
               },
               {
                  name: "RHSA-2019:1162",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1162",
               },
               {
                  name: "RHSA-2019:1159",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1159",
               },
               {
                  name: "RHSA-2019:1161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1161",
               },
               {
                  name: "RHSA-2019:1529",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:1529",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
               {
                  name: "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E",
               },
               {
                  name: "RHSA-2019:2205",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2205",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
               },
               {
                  name: "RHSA-2019:3892",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3892",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2018-8034",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-15T17:30:15.701472Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-295",
                        description: "CWE-295 Improper Certificate Validation",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T16:09:49.791Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.9",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.31",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.52",
                  },
                  {
                     status: "affected",
                     version: "7.0.35 to 7.0.88",
                  },
               ],
            },
         ],
         datePublic: "2018-07-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Security Constraint Bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T21:06:47",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "USN-3723-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3723-1/",
            },
            {
               name: "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E",
            },
            {
               name: "RHSA-2019:0451",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0451",
            },
            {
               name: "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html",
            },
            {
               name: "DSA-4281",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2018/dsa-4281",
            },
            {
               name: "1041374",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041374",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180817-0001/",
            },
            {
               name: "RHSA-2019:0131",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0131",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               name: "RHSA-2019:0130",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0130",
            },
            {
               name: "RHSA-2019:0450",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0450",
            },
            {
               name: "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html",
            },
            {
               name: "104895",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104895",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               name: "RHSA-2019:1160",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1160",
            },
            {
               name: "RHSA-2019:1162",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1162",
            },
            {
               name: "RHSA-2019:1159",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1159",
            },
            {
               name: "RHSA-2019:1161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1161",
            },
            {
               name: "RHSA-2019:1529",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:1529",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
            {
               name: "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E",
            },
            {
               name: "RHSA-2019:2205",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            },
            {
               name: "RHSA-2019:3892",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3892",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2018-07-22T00:00:00",
               ID: "CVE-2018-8034",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.9",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.31",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.52",
                                       },
                                       {
                                          version_value: "7.0.35 to 7.0.88",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Security Constraint Bypass",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-3723-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3723-1/",
                  },
                  {
                     name: "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
                     refsource: "MLIST",
                     url: "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E",
                  },
                  {
                     name: "RHSA-2019:0451",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0451",
                  },
                  {
                     name: "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html",
                  },
                  {
                     name: "DSA-4281",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2018/dsa-4281",
                  },
                  {
                     name: "1041374",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041374",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180817-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180817-0001/",
                  },
                  {
                     name: "RHSA-2019:0131",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0131",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "RHSA-2019:0130",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0130",
                  },
                  {
                     name: "RHSA-2019:0450",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:0450",
                  },
                  {
                     name: "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html",
                  },
                  {
                     name: "104895",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104895",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "RHSA-2019:1160",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1160",
                  },
                  {
                     name: "RHSA-2019:1162",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1162",
                  },
                  {
                     name: "RHSA-2019:1159",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1159",
                  },
                  {
                     name: "RHSA-2019:1161",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1161",
                  },
                  {
                     name: "RHSA-2019:1529",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:1529",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
                  {
                     name: "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E",
                  },
                  {
                     name: "RHSA-2019:2205",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2205",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                  },
                  {
                     name: "RHSA-2019:3892",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:3892",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2018-8034",
      datePublished: "2018-08-01T18:00:00Z",
      dateReserved: "2018-03-09T00:00:00",
      dateUpdated: "2024-10-21T16:09:49.791Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1304

Vulnerability from cvelistv5

Published

2018-02-28 20:00

Modified

2024-09-17 01:35

Severity ?

Summary

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2018:1448	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180706-0001/	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/103170	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:1449	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1450	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4281	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2939	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0465	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3665-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1040427	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:1320	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1451	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html	mailing-list, x_refsource_MLIST
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:0466	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:1447	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:2205	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:59:37.867Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2018:1448",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1448",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180706-0001/",
               },
               {
                  name: "103170",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103170",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "RHSA-2018:1449",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1449",
               },
               {
                  name: "RHSA-2018:1450",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1450",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "DSA-4281",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2018/dsa-4281",
               },
               {
                  name: "RHSA-2018:2939",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2939",
               },
               {
                  name: "RHSA-2018:0465",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:0465",
               },
               {
                  name: "USN-3665-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3665-1/",
               },
               {
                  name: "1040427",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040427",
               },
               {
                  name: "RHSA-2018:1320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1320",
               },
               {
                  name: "RHSA-2018:1451",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1451",
               },
               {
                  name: "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  name: "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html",
               },
               {
                  name: "RHSA-2018:0466",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:0466",
               },
               {
                  name: "RHSA-2018:1447",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1447",
               },
               {
                  name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
               {
                  name: "RHSA-2019:2205",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2205",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84",
                  },
               ],
            },
         ],
         datePublic: "2018-02-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T21:06:45",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "RHSA-2018:1448",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1448",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180706-0001/",
            },
            {
               name: "103170",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103170",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "RHSA-2018:1449",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1449",
            },
            {
               name: "RHSA-2018:1450",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1450",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "DSA-4281",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2018/dsa-4281",
            },
            {
               name: "RHSA-2018:2939",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2939",
            },
            {
               name: "RHSA-2018:0465",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:0465",
            },
            {
               name: "USN-3665-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3665-1/",
            },
            {
               name: "1040427",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040427",
            },
            {
               name: "RHSA-2018:1320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1320",
            },
            {
               name: "RHSA-2018:1451",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1451",
            },
            {
               name: "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               name: "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html",
            },
            {
               name: "RHSA-2018:0466",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:0466",
            },
            {
               name: "RHSA-2018:1447",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1447",
            },
            {
               name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
            {
               name: "RHSA-2019:2205",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2018-02-23T00:00:00",
               ID: "CVE-2018-1304",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2018:1448",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1448",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180706-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180706-0001/",
                  },
                  {
                     name: "103170",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103170",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "RHSA-2018:1449",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1449",
                  },
                  {
                     name: "RHSA-2018:1450",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1450",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E",
                     refsource: "MISC",
                     url: "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "DSA-4281",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2018/dsa-4281",
                  },
                  {
                     name: "RHSA-2018:2939",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2939",
                  },
                  {
                     name: "RHSA-2018:0465",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:0465",
                  },
                  {
                     name: "USN-3665-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3665-1/",
                  },
                  {
                     name: "1040427",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040427",
                  },
                  {
                     name: "RHSA-2018:1320",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1320",
                  },
                  {
                     name: "RHSA-2018:1451",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1451",
                  },
                  {
                     name: "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html",
                  },
                  {
                     name: "RHSA-2018:0466",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:0466",
                  },
                  {
                     name: "RHSA-2018:1447",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1447",
                  },
                  {
                     name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
                  {
                     name: "RHSA-2019:2205",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2205",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2018-1304",
      datePublished: "2018-02-28T20:00:00Z",
      dateReserved: "2017-12-07T00:00:00",
      dateUpdated: "2024-09-17T01:35:47.135Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1305

Vulnerability from cvelistv5

Published

2018-02-23 23:00

Modified

2024-09-17 01:12

Severity ?

Summary

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/103144	vdb-entry, x_refsource_BID
	https://security.netapp.com/advisory/ntap-20180706-0001/	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4281	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2939	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:0465	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3665-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:1320	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html	mailing-list, x_refsource_MLIST
	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:0466	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1040428	vdb-entry, x_refsource_SECTRACK
	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:2205	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:59:38.832Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "103144",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103144",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180706-0001/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
               },
               {
                  name: "DSA-4281",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2018/dsa-4281",
               },
               {
                  name: "RHSA-2018:2939",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:2939",
               },
               {
                  name: "RHSA-2018:0465",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:0465",
               },
               {
                  name: "USN-3665-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3665-1/",
               },
               {
                  name: "RHSA-2018:1320",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1320",
               },
               {
                  name: "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html",
               },
               {
                  name: "RHSA-2018:0466",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:0466",
               },
               {
                  name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
               },
               {
                  name: "1040428",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1040428",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
               {
                  name: "RHSA-2019:2205",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2205",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84",
                  },
               ],
            },
         ],
         datePublic: "2018-02-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T21:06:46",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "103144",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103144",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180706-0001/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            },
            {
               name: "DSA-4281",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2018/dsa-4281",
            },
            {
               name: "RHSA-2018:2939",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:2939",
            },
            {
               name: "RHSA-2018:0465",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:0465",
            },
            {
               name: "USN-3665-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/3665-1/",
            },
            {
               name: "RHSA-2018:1320",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1320",
            },
            {
               name: "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html",
            },
            {
               name: "RHSA-2018:0466",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:0466",
            },
            {
               name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
            },
            {
               name: "1040428",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1040428",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
            {
               name: "RHSA-2019:2205",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2205",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2018-02-23T00:00:00",
               ID: "CVE-2018-1305",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "103144",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103144",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180706-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180706-0001/",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
                  },
                  {
                     name: "DSA-4281",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2018/dsa-4281",
                  },
                  {
                     name: "RHSA-2018:2939",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:2939",
                  },
                  {
                     name: "RHSA-2018:0465",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:0465",
                  },
                  {
                     name: "USN-3665-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/3665-1/",
                  },
                  {
                     name: "RHSA-2018:1320",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1320",
                  },
                  {
                     name: "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E",
                     refsource: "MISC",
                     url: "https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html",
                  },
                  {
                     name: "RHSA-2018:0466",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:0466",
                  },
                  {
                     name: "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html",
                  },
                  {
                     name: "1040428",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1040428",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
                  {
                     name: "RHSA-2019:2205",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2205",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2018-1305",
      datePublished: "2018-02-23T23:00:00Z",
      dateReserved: "2017-12-07T00:00:00",
      dateUpdated: "2024-09-17T01:12:10.097Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2019_2205

Vulnerability from csaf_redhat

cve-2018-8014

Vulnerability from cvelistv5

cve-2018-8034

Vulnerability from cvelistv5

cve-2018-1304

Vulnerability from cvelistv5

cve-2018-1305

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature