Lucene search
K

5 matches found

OSV
OSV
added 2018/10/17 4:31 p.m.4 views

GHSA-6RXJ-58JH-436R Apache Tomcat unauthorized access vulnerability

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS6.8AI score0.17378EPSS
Exploits0References64
RedHat Linux
RedHat Linux
added 2018/05/14 8:51 p.m.5 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.4 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.3 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2018/05/14 8:36 p.m.4 views

tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

The URL pattern of "" the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...

5.9CVSS7.1AI score0.17378EPSS
Exploits0References7
Rows per page
Query Builder