CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

h3. Issue Summary
The recently disclosed vulnerability regarding Apache Tomcat
affects the following versions:
Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6
Additionally, the following disclosed vulnerability regarding Tomcat:
affects the following versions:
Apache Tomcat 7.x from 7.0.27 to 7.0.104
Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6
We should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.
h3. Steps to Reproduce
h3. Expected Results
h3. Actual Results
h3. Workaround