Lucene search

K
kasperskyKaspersky LabKLA11327
HistoryOct 03, 2018 - 12:00 a.m.

KLA11327 SB vulnerability in Apache Tomcat

2018-10-0300:00:00
Kaspersky Lab
threats.kaspersky.com
540

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.791 High

EPSS

Percentile

98.3%

A vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability via specially crafted URI to bypass security restrictions.

Original advisories

Apache Tomcat 7.x vulnerabilities

Apache Tomcat 8.x vulnerabilities

Apache Tomcat 9.x vulnerabilities

Related products

Apache-Tomcat

CVE list

CVE-2018-11784 warning

Solution

Update to the latest version

Impacts

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Apache Tomcat 8.0.xApache Tomcat 8.5.x earlier than 8.5.34Apache Tomcat 7.x earlier than 7.0.91Apache Tomcat 9. earlier than 9.0.12

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.791 High

EPSS

Percentile

98.3%