6.5

CVE-2018-1305

EPSS 17.66%
Published 23.02.2018 23:29:00
Last modified 21.11.2024 03:59:35
Source security@apache.org
Teams watchlist Login
Open Login

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

Affected products Warnungen 0 Metrics 3 CWE 0 References 38

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 7.0.0 <= 7.0.84

Apache ≫ Tomcat Version >= 8.0.0 <= 8.0.49

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc10

Apache ≫ Tomcat Version8.0.0 Updaterc3

Apache ≫ Tomcat Version8.0.0 Updaterc5

Apache ≫ Tomcat Version9.0.0

Apache ≫ Tomcat Version9.0.0 Updatemilestone1

Apache ≫ Tomcat Version9.0.0 Updatemilestone10

Apache ≫ Tomcat Version9.0.0 Updatemilestone11

Apache ≫ Tomcat Version9.0.0 Updatemilestone12

Apache ≫ Tomcat Version9.0.0 Updatemilestone13

Apache ≫ Tomcat Version9.0.0 Updatemilestone14

Apache ≫ Tomcat Version9.0.0 Updatemilestone15

Apache ≫ Tomcat Version9.0.0 Updatemilestone16

Apache ≫ Tomcat Version9.0.0 Updatemilestone17

Apache ≫ Tomcat Version9.0.0 Updatemilestone18

Apache ≫ Tomcat Version9.0.0 Updatemilestone19

Apache ≫ Tomcat Version9.0.0 Updatemilestone2

Apache ≫ Tomcat Version9.0.0 Updatemilestone20

Apache ≫ Tomcat Version9.0.0 Updatemilestone21

Apache ≫ Tomcat Version9.0.0 Updatemilestone22

Apache ≫ Tomcat Version9.0.0 Updatemilestone23

Apache ≫ Tomcat Version9.0.0 Updatemilestone24

Apache ≫ Tomcat Version9.0.0 Updatemilestone25

Apache ≫ Tomcat Version9.0.0 Updatemilestone26

Apache ≫ Tomcat Version9.0.0 Updatemilestone27

Apache ≫ Tomcat Version9.0.0 Updatemilestone3

Apache ≫ Tomcat Version9.0.0 Updatemilestone4

Apache ≫ Tomcat Version9.0.0 Updatemilestone5

Apache ≫ Tomcat Version9.0.0 Updatemilestone6

Apache ≫ Tomcat Version9.0.0 Updatemilestone7

Apache ≫ Tomcat Version9.0.0 Updatemilestone8

Apache ≫ Tomcat Version9.0.0 Updatemilestone9

Apache ≫ Tomcat Version9.0.1

Apache ≫ Tomcat Version9.0.2

Apache ≫ Tomcat Version9.0.3

Apache ≫ Tomcat Version9.0.4

Apache ≫ Tomcat Version >= 8.5.0 <= 8.5.27

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Oracle ≫ Fusion Middleware Version12.2.1.3.0

Oracle ≫ Managed File Transfer Version12.1.3.0.0

Oracle ≫ Managed File Transfer Version12.2.1.3.0

Oracle ≫ Micros Relate Crm Software Version11.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	17.66%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2018:0465

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0466

Third Party Advisory

https://usn.ubuntu.com/3665-1/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2939

Third Party Advisory

http://www.securityfocus.com/bid/103144

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1040428

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2018:1320

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2205

https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781%40%3Cannounce.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20180706-0001/

Third Party Advisory

https://www.debian.org/security/2018/dsa-4281

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-1305

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1305

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1305

EUVD