nessus | Tenable | 700708.PASL
May 13, 2019 - 12:00 a.m.

Apache Tomcat 9.0.x < 9.0.10 Multiple Vulnerabilities

Tenable
www.tenable.com

The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.10. It is, therefore, affected by multiple vulnerabilities.

  • A security misconfiguration vulnerability exists in Apache Tomcat prior to version 9.0.9 due to insecure default settings for the CORS filter (CVE-2018-8014).

  • A security misconfiguration vulnerability exists in Apache Tomcat prior to version 9.0.10. Hostname validation was not enabled by default when using TLS with the WebSocket client (CVE-2018-8034).

  • An information disclosure vulnerability exists in Apache Tomcat prior to version 9.0.10 due to a race condition. If an async request was completed by the application at the same time as the container triggered the async timeout, this could lead to a user being sent the response of another user (CVE-2018-8037).
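
For triage, the version thresholds in the list above can be applied to a collected version string. The following is an added example, not Tenable's plugin logic; the banner format (`Apache Tomcat/x.y.z`) and the sample banners are constructed assumptions.

```python
import re

# Fixed-in versions, taken from the advisory text above.
FIXED_IN = {
    "CVE-2018-8014": (9, 0, 9),   # insecure default settings for the CORS filter
    "CVE-2018-8034": (9, 0, 10),  # WebSocket client TLS hostname validation off by default
    "CVE-2018-8037": (9, 0, 10),  # async timeout race, response sent to the wrong user
}

# Assumed banner shape: "Apache Tomcat/9.0.8" or "Apache Tomcat 9.0.8".
# A milestone suffix such as ".M26" is ignored; the numeric triple decides.
_VERSION_RE = re.compile(r"Apache Tomcat[/ ](\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_tomcat_version(banner):
    """Return (major, minor, patch) as integers, or None if no version is present."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def applicable_cves(banner):
    """List the CVEs from this advisory that apply to the banner's version.

    Only the 9.0.x branch is in scope here; other branches return an empty
    list, which means "not covered by this advisory", not "not vulnerable".
    """
    version = parse_tomcat_version(banner)
    if version is None or version[:2] != (9, 0):
        return []
    # Integer tuples compare numerically, so 9.0.10 sorts after 9.0.9
    # (a plain string comparison would get this wrong).
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)


if __name__ == "__main__":
    # Constructed sample banners, for illustration only.
    for sample in ("Apache Tomcat/9.0.8", "Apache Tomcat/9.0.9",
                   "Apache Tomcat/9.0.10", "Apache Tomcat/9.0.0.M26"):
        print(sample, "->", applicable_cves(sample) or "not affected per this advisory")
```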

Vendor | Product | Version
apache | tomcat |