Lucene search

K
tomcatApache TomcatTOMCAT:15BD868F3B05972CB1A45C65508CE8A7
HistoryJul 06, 2018 - 12:00 a.m.

Fixed in Apache Tomcat 8.0.53

2018-07-0600:00:00
Apache Tomcat
tomcat.apache.org
77

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.052

Percentile

93.1%

Low: host name verification missing in WebSocket client CVE-2018-8034

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default.

This was fixed in revision 1833759.

This issue was reported publicly on 11 June 2018 and formally announced as a vulnerability on 22 July 2018.

Affects: 8.0.0.RC1 to 8.0.52

Low: CORS filter has insecure defaults CVE-2018-8014

The defaults settings for the CORS filter are insecure and enable supportsCredentials for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

This was fixed in revision 1831729.

This issue was reported publicly on 1 May 2018 and formally announced as a vulnerability on 16 May 2018.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.052

Percentile

93.1%