Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-3665-1
HistoryMay 30, 2018 - 12:00 a.m.

Tomcat vulnerabilities

2018-05-3000:00:00
ubuntu.com
81

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

JSON

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 17.10
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • tomcat7 - Servlet and JSP engine
  • tomcat8 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616,
CVE-2017-12617)

It was discovered that Tomcat contained incorrect documentation regarding
description of the search algorithm used by the CGI Servlet to identify
which script to execute. This issue only affected Ubuntu 17.10.
(CVE-2017-15706)

It was discovered that Tomcat incorrectly handled en empty string URL
pattern in security constraint definitions. A remote attacker could
possibly use this issue to gain access to web application resources,
contrary to expectations. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304)

It was discovered that Tomcat incorrectly handled applying certain security
constraints. A remote attacker could possibly access certain resources,
contrary to expectations. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305)

It was discovered that the Tomcat CORS filter default settings were
insecure and would enable ‘supportsCredentials’ for all origins, contrary
to expectations. (CVE-2018-8014)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibtomcat8-java< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchlibservlet3.1-java< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchlibservlet3.1-java-doc< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchlibtomcat8-embed-java< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchtomcat8< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchtomcat8-admin< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchtomcat8-common< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchtomcat8-docs< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchtomcat8-examples< 8.5.30-1ubuntu1.2UNKNOWN
Ubuntu18.04noarchtomcat8-user< 8.5.30-1ubuntu1.2UNKNOWN
Rows per page:
1-10 of 381

Related

openvas 21
nessus 45
osv 15
debian 6
ibm 17
mageia 2
amazon 6
centos 1
redhat 3
ubuntucve 5
fedora 4
kaspersky 4
tomcat 14
freebsd 2
oraclelinux 1
symantec 1
prion 5
debiancve 5
veracode 6
github 4
cve 5
redhatcve 4
archlinux 1
suse 1
f5 4
checkpoint_advisories 2
photon 1
dsquare 2
cisa 1
attackerkb 1
packetstorm 2
nuclei 2
zdt 2
exploitpack 1
seebug 2
cisa_kev 1
openvas
openvas
Ubuntu Update for tomcat8 USN-3665-1
2018-06-05 00:00:00
Fedora Update for tomcat FEDORA-2018-50f0da5d38
2018-04-06 00:00:00
Apache Tomcat Security Constraint Incorrect Handling Access Bypass Vulnerabilities (Windows)
2018-02-26 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-3665-1)
2018-05-31 00:00:00
openSUSE Security Update : tomcat (openSUSE-2018-325)
2018-03-30 00:00:00
Amazon Linux AMI : tomcat80 (ALAS-2018-973)
2018-03-27 00:00:00
osv
osv
tomcat7 - security update
2018-06-27 00:00:00
tomcat7 - security update
2018-03-06 00:00:00
tomcat8 - security update
2018-07-29 00:00:00
debian
debian
[SECURITY] [DLA 1400-1] tomcat7 security update
2018-06-27 20:56:21
[SECURITY] [DLA 1450-1] tomcat8 security update
2018-07-29 11:57:59
[SECURITY] [DLA 1301-1] tomcat7 security update
2018-03-06 13:24:42
ibm
ibm
Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.
2018-06-15 23:49:25
Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-15698, CVE-2017-15706, CVE-2018-1304, CVE-2018-1305)
2018-06-17 15:51:09
Security Bulletin: Rational DOORS Web Access is affected by Apache Tomcat vulnerabilities
2018-06-22 03:56:40
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2018-02-28 16:55:21
Updated tomcat packages fix security vulnerability
2017-11-03 00:47:07
amazon
amazon
Medium: tomcat80
2018-03-21 22:08:00
Medium: tomcat7, tomcat8
2018-03-21 22:06:00
Important: tomcat
2020-03-09 19:23:00
centos
centos
tomcat security update
2019-08-30 04:27:31
redhat
redhat
(RHSA-2019:2205) Moderate: tomcat security, bug fix, and enhancement update
2019-08-06 08:13:03
(RHSA-2018:0465) Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
2018-03-07 15:08:16
(RHSA-2018:0466) Important: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
2018-03-07 15:08:21
ubuntucve
ubuntucve
CVE-2017-12616
2017-09-19 00:00:00
CVE-2018-8014
2018-05-16 00:00:00
CVE-2017-15706
2018-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: tomcat-8.0.50-1.fc26
2018-04-04 16:47:53
[SECURITY] Fedora 27 Update: tomcat-8.0.50-1.fc27
2018-04-04 17:10:49
[SECURITY] Fedora 26 Update: tomcat-8.0.49-1.fc26
2018-02-20 16:40:04
kaspersky
kaspersky
KLA11203 Multiple vulnerabilities in Apache Tomcat
2018-02-13 00:00:00
KLA11189 DoS vulnerability in Apache Tomcat
2018-01-31 00:00:00
KLA11256 SB vulnerability in Apache Tomcat
2018-05-15 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.5.28
2018-02-11 00:00:00
Fixed in Apache Tomcat 8.0.50
2018-02-13 00:00:00
Fixed in Apache Tomcat 9.0.5
2018-02-11 00:00:00
freebsd
freebsd
tomcat -- Security constraints ignored or applied too late
2018-02-23 00:00:00
tomcat -- Remote Code Execution
2017-10-04 00:00:00
oraclelinux
oraclelinux
tomcat security, bug fix, and enhancement update
2019-08-13 00:00:00
symantec
symantec
Apache Tomcat Vulnerabilities Jan-Aug 2018
2018-10-11 08:01:01
prion
prion
Design/Logic Flaw
2017-09-19 13:29:00
Default configuration
2018-05-16 16:29:00
Design/Logic Flaw
2018-01-31 14:29:00
debiancve
debiancve
CVE-2017-12616
2017-09-19 13:29:00
CVE-2018-8014
2018-05-16 16:29:00
CVE-2017-15706
2018-01-31 14:29:00
veracode
veracode
Information Disclosure
2017-09-20 02:23:33
Incorrect Documentation
2018-02-01 08:52:01
Insecure Defaults
2018-05-17 04:40:32
github
github
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
2018-10-17 16:32:32
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-14 01:10:16
Inconsistent documentation in Apache Tomcat
2022-05-14 01:10:15
cve
cve
CVE-2018-8014
2018-05-16 16:29:00
CVE-2017-15706
2018-01-31 14:29:00
CVE-2017-12616
2017-09-19 13:29:00
redhatcve
redhatcve
CVE-2017-12616
2019-10-08 03:55:37
CVE-2017-15706
2020-04-08 19:53:58
CVE-2018-8014
2020-04-06 17:04:57
archlinux
archlinux
[ASA-201709-17] tomcat7: information disclosure
2017-09-19 00:00:00
suse
suse
Security update for tomcat (important)
2017-11-23 21:09:20
f5
f5
K11420556 : Apache Tomcat vulnerability CVE-2018-8014
2018-07-17 00:00:00
K24335161 : Apache Tomcat vulnerability CVE-2017-12616
2017-09-28 00:00:00
K53173544 : Apache Tomcat vulnerability CVE-2017-12617
2017-10-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)
2017-10-02 00:00:00
Apache Tomcat HTTP PUT Remote Code Execution (CVE-2017-12617)
2017-10-08 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0065
2018-07-02 00:00:00
dsquare
dsquare
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
2018-03-09 00:00:00
Apache Tomcat for Windows HTTP PUT Method File Upload
2018-02-10 00:00:00
cisa
cisa
Apache Releases Security Updates for Apache Tomcat
2017-10-03 00:00:00
attackerkb
attackerkb
CVE-2017-12617
2017-10-04 00:00:00
packetstorm
packetstorm
Apache Tomcat Upload Bypass / Remote Code Execution
2017-10-10 00:00:00
Tomcat JSP Upload Bypass Remote Code Execution
2017-10-12 00:00:00
nuclei
nuclei
Apache Tomcat - Remote Code Execution
2023-06-15 08:45:00
Apache Tomcat - Remote Code Execution
2023-06-15 08:45:00
zdt
zdt
Apache Tomcat JSP Upload Bypass Remote Code Execution Exploit
2017-10-12 00:00:00
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - Remote Code Execution Exp
2017-10-09 00:00:00
exploitpack
exploitpack
Apache Tomcat 9.0.1 (Beta) 8.5.23 8.0.47 7.0.8 - JSP Upload Bypass Remote Code Execution (2)
2017-10-09 00:00:00
seebug
seebug
Apache Tomcat Upload Bypass / Remote Code Execution(CVE-2017-12617)
2017-10-10 00:00:00
Apache Tomcat Security Bypass Vulnerability(CVE-2018-1305)
2018-02-27 00:00:00
cisa_kev
cisa_kev
Apache Tomcat Remote Code Execution Vulnerability
2022-03-25 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.975 High

EPSS

Percentile

100.0%

JSON
Related for USN-3665-1
openvas21nessus45osv15debian6ibm17mageia2amazon6centos1redhat3ubuntucve5fedora4kaspersky4tomcat14freebsd2oraclelinux1symantec1prion5debiancve5veracode6github4cve5redhatcve4archlinux1suse1f54checkpoint_advisories2photon1dsquare2cisa1attackerkb1packetstorm2nuclei2zdt2exploitpack1seebug2cisa_kev1