Lucene search

CVE-2018-8014

🗓️ 16 May 2018 16:00:29Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 20 Media mentions👁 630 Views

CVE-2018-8014: Insecure CORS filter settings in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.8

Reporter	Title	Published	Views	Family All 114
Tenable Nessus	EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2018-1220)	20 Jul 201800:00	–	nessus
Tenable Nessus	Photon OS 2.0: Apache PHSA-2018-2.0-0065	23 Jul 202400:00	–	nessus
Tenable Nessus	Apache Tomcat 9.0.0 < 9.0.9	24 Jul 201800:00	–	nessus
Tenable Nessus	Apache Tomcat 7.0.0 < 7.0.89	24 Jul 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2018-1227)	10 Aug 201800:00	–	nessus
Tenable Nessus	Photon OS 2.0: Apache PHSA-2018-2.0-0065 (deprecated)	17 Aug 201800:00	–	nessus
Tenable Nessus	Apache Tomcat 8.0.0.RC1 < 8.0.53 multiple vulnerabilities	13 Jul 201800:00	–	nessus
Tenable Nessus	Apache Tomcat 8.0.x < 8.0.53 Multiple Vulnerabilities	13 May 201900:00	–	nessus
Tenable Nessus	RHEL 6 / 7 : Red Hat JBoss Web Server 5.0 Service Pack 2 (RHSA-2019:0451)	5 Mar 201900:00	–	nessus
Tenable Nessus	Debian DLA-1883-1 : tomcat8 security update (httpoxy)	14 Aug 201900:00	–	nessus

Nvd

Vulners

Node

apache tomcatRange7.0.41–7.0.88

apache tomcatRange8.0.0–8.0.52

apache tomcatRange8.5.0–8.5.31

apache tomcatRange9.0.0–9.0.8

apache tomcatMatch8.0.0rc1

apache tomcatMatch9.0.0milestone1

Node

canonical ubuntu_linuxMatch14.04lts

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch17.10

canonical ubuntu_linuxMatch18.04lts

Node

debian debian_linuxMatch8.0

Node

netapp oncommand_insightMatch-

netapp oncommand_unified_managerRange9.4≥vmware_vsphere

netapp oncommand_workflow_automationMatch-

netapp snapcenter_serverMatch-

netapp storage_automation_storeMatch-

Node

netapp oncommand_unified_managerRange7.3≥

AND

microsoft windowsMatch-

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.M1 to 9.0.8"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.31"
      },
      {
        "status": "affected",
        "version": "8.0.0.RC1 to 8.0.52"
      },
      {
        "status": "affected",
        "version": "7.0.41 to 7.0.88"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpuapr2020.html
lists	www.lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
securitytracker	www.securitytracker.com/id/1040998
lists	www.lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1%40%3Cannounce.tomcat.apache.org%3E
usn	www.usn.ubuntu.com/3665-1/
access	www.access.redhat.com/errata/RHSA-2019:0450
lists	www.lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
seclists	www.seclists.org/bugtraq/2019/Dec/43

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 May 2018 16:29Current

8.6High risk

Vulners AI Score8.6

CVSS27.5

CVSS39.8

EPSS0.53035

CWE-1188