SUSE CVE-2018-1304

🗓️ 15 Feb 2023 04:34:20Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 1 Views

Tomcat ignored empty string security constraints, enabling unauthorized access in multiple versions.

Reporter	Title	Published	Views	Family All 155
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304)	18 Jun 201801:43	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to security constraint bypass. (CVE-2018-1304, CVE-2018-1305)	6 Feb 201922:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2018-1323,CVE-2018-1305,CVE-2018-1304)	17 Jun 201805:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Apache Tomcat affects IBM UrbanCode Deploy (CVE-2018-1304, CVE-2018-1305)	25 Oct 201820:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties	19 Dec 201921:01	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Build Forge Security Advisory for Apache Tomcat and Apache HTTP Server (CVE-2018-11763; CVE-2018-11784)	15 Nov 201817:45	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-15698, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305)	17 Jun 201815:51	–	ibm
IBM Security Bulletins	Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities	22 Jun 201803:56	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities	1 Apr 202216:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Tomcat vulnerabilities	6 Aug 201814:27	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
SUSE Linux Enterprise Server	12	any	tomcat	7.0.90-7.23.1	tomcat-7.0.90-7.23.1.noarch.rpm
SUSE Linux Enterprise Server	12.2	any	tomcat	8.0.50-29.8.2	tomcat-8.0.50-29.8.2.noarch.rpm
SUSE Linux Enterprise Server	12.3	any	tomcat	8.0.50-29.8.2	tomcat-8.0.50-29.8.2.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.2	any	tomcat	8.0.50-29.8.2	tomcat-8.0.50-29.8.2.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.3	any	tomcat	8.0.50-29.8.2	tomcat-8.0.50-29.8.2.noarch.rpm
SUSE Linux Enterprise Server	12.1	any	tomcat	8.0.53-10.35.1	tomcat-8.0.53-10.35.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.1	any	tomcat	8.0.53-10.35.1	tomcat-8.0.53-10.35.1.noarch.rpm
SUSE Linux Enterprise Server	12.4	any	tomcat	9.0.12-1.7	tomcat-9.0.12-1.7.noarch.rpm
SUSE Linux Enterprise Server	12.5	any	tomcat	9.0.21-3.13.2	tomcat-9.0.21-3.13.2.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	12.5	any	tomcat	9.0.21-3.13.2	tomcat-9.0.21-3.13.2.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2018-1304
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1082480
lists	www.lists.suse.com/pipermail/sle-security-updates/2018-March/003844.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2018-June/004231.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2018-October/004749.html
lists	www.lists.suse.com/pipermail/sle-security-updates/2018-October/004782.html

25 Apr 2025 07:26Current

8.1High risk

Vulners AI Score8.1

CVSS 34.8

EPSS0.0304

tomcat empty string constraint security constraint unauthorized access multiple versions