Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:6315
HistoryMay 17, 2018 - 4:40 a.m.

Insecure Defaults

2018-05-1704:40:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9

EPSS

0.052

Percentile

93.1%

Apache Tomcat is vulnerable to insecure defaults. The CORS filter provided by default is insecure as it enables supportsCredentials for all origins. This can allow a malicious user unauthorized access to sensitive resources.

References