CVE-2018-1304

🗓️ 28 Feb 2018 20:00:00Reported by apacheType

Apache Tomcat versions 7.0.0 to 9.0.4, 8.5.0 to 8.5.27 and 8.0.0.RC1 to 8.0.49 mishandles URL pattern of the empty string, allowing unauthorized access

Reporter	Title	Published	Views	Family All 154
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304)	18 Jun 201801:43	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)	6 Feb 201922:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2018-1323,CVE-2018-1305,CVE-2018-1304)	17 Jun 201805:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-1304, CVE-2018-1305)	25 Oct 201820:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties	19 Dec 201921:01	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784)	15 Nov 201817:45	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-15698, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305)	17 Jun 201815:51	–	ibm
IBM Security Bulletins	Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities	22 Jun 201803:56	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities	1 Apr 202216:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities	6 Aug 201814:27	–	ibm

NVD

Vulners

Node

apache tomcatRange7.0.0–7.0.84

apache tomcatRange8.0.0–8.0.49

apache tomcatRange8.5.0–8.5.27

apache tomcatRange9.0.0–9.0.4

apache tomcatMatch8.0.0rc1

apache tomcatMatch9.0.0milestone1

apache tomcatMatch9.0.0milestone10

apache tomcatMatch9.0.0milestone11

apache tomcatMatch9.0.0milestone12

apache tomcatMatch9.0.0milestone13

apache tomcatMatch9.0.0milestone14

apache tomcatMatch9.0.0milestone15

apache tomcatMatch9.0.0milestone16

apache tomcatMatch9.0.0milestone17

apache tomcatMatch9.0.0milestone18

apache tomcatMatch9.0.0milestone19

apache tomcatMatch9.0.0milestone2

apache tomcatMatch9.0.0milestone20

apache tomcatMatch9.0.0milestone21

apache tomcatMatch9.0.0milestone22

apache tomcatMatch9.0.0milestone23

apache tomcatMatch9.0.0milestone24

apache tomcatMatch9.0.0milestone25

apache tomcatMatch9.0.0milestone26

apache tomcatMatch9.0.0milestone27

apache tomcatMatch9.0.0milestone3

apache tomcatMatch9.0.0milestone4

apache tomcatMatch9.0.0milestone5

apache tomcatMatch9.0.0milestone6

apache tomcatMatch9.0.0milestone7

apache tomcatMatch9.0.0milestone8

apache tomcatMatch9.0.0milestone9

Node

redhat jboss_enterprise_application_platformMatch6

redhat jboss_enterprise_application_platformMatch6.4

redhat jboss_enterprise_web_serverMatch3.0.0

AND

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

canonical ubuntu_linuxMatch14.04lts

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch17.10

canonical ubuntu_linuxMatch18.04lts

Node

oracle fusion_middlewareMatch12.2.1.3.0

oracle hospitality_guest_accessMatch4.2.0

oracle hospitality_guest_accessMatch4.2.1

oracle micros_relate_crm_softwareMatch11.4

oracle secure_global_desktopMatch5.3

oracle secure_global_desktopMatch5.4

Node

redhat jboss_middlewareMatch1

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
access	www.access.redhat.com/errata/RHSA-2018:1451
security	www.security.netapp.com/advisory/ntap-20180706-0001/
lists	www.lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
access	www.access.redhat.com/errata/RHSA-2018:0466
access	www.access.redhat.com/errata/RHSA-2018:0465
lists	www.lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

21 Nov 2024 03:59Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24.3

CVSS 35.9

EPSS0.0304