cpe:/a:apache:tomcat:7.0.41 cpe:/a:apache:tomcat:7.0.42 cpe:/a:apache:tomcat:7.0.43 cpe:/a:apache:tomcat:7.0.44 cpe:/a:apache:tomcat:7.0.45 cpe:/a:apache:tomcat:7.0.46 cpe:/a:apache:tomcat:7.0.47 cpe:/a:apache:tomcat:7.0.48 cpe:/a:apache:tomcat:7.0.49 cpe:/a:apache:tomcat:7.0.50 cpe:/a:apache:tomcat:7.0.52 cpe:/a:apache:tomcat:7.0.53 cpe:/a:apache:tomcat:7.0.54 cpe:/a:apache:tomcat:7.0.55 cpe:/a:apache:tomcat:7.0.56 cpe:/a:apache:tomcat:7.0.57 cpe:/a:apache:tomcat:7.0.58 cpe:/a:apache:tomcat:7.0.59 cpe:/a:apache:tomcat:7.0.60 cpe:/a:apache:tomcat:7.0.61 cpe:/a:apache:tomcat:7.0.62 cpe:/a:apache:tomcat:7.0.63 cpe:/a:apache:tomcat:7.0.64 cpe:/a:apache:tomcat:7.0.65 cpe:/a:apache:tomcat:7.0.66 cpe:/a:apache:tomcat:7.0.67 cpe:/a:apache:tomcat:7.0.68 cpe:/a:apache:tomcat:7.0.69 cpe:/a:apache:tomcat:7.0.70 cpe:/a:apache:tomcat:7.0.71 cpe:/a:apache:tomcat:7.0.72 cpe:/a:apache:tomcat:7.0.73 cpe:/a:apache:tomcat:7.0.74 cpe:/a:apache:tomcat:7.0.75 cpe:/a:apache:tomcat:7.0.76 cpe:/a:apache:tomcat:7.0.77 cpe:/a:apache:tomcat:7.0.78 cpe:/a:apache:tomcat:8.0 cpe:/a:apache:tomcat:8.0.0:rc1 cpe:/a:apache:tomcat:8.0.0:rc10 cpe:/a:apache:tomcat:8.0.0:rc3 cpe:/a:apache:tomcat:8.0.0:rc5 cpe:/a:apache:tomcat:8.0.1 cpe:/a:apache:tomcat:8.0.2 cpe:/a:apache:tomcat:8.0.3 cpe:/a:apache:tomcat:8.0.4 cpe:/a:apache:tomcat:8.0.5 cpe:/a:apache:tomcat:8.0.6 cpe:/a:apache:tomcat:8.0.7 cpe:/a:apache:tomcat:8.0.8 cpe:/a:apache:tomcat:8.0.9 cpe:/a:apache:tomcat:8.0.10 cpe:/a:apache:tomcat:8.0.11 cpe:/a:apache:tomcat:8.0.12 cpe:/a:apache:tomcat:8.0.13 cpe:/a:apache:tomcat:8.0.14 cpe:/a:apache:tomcat:8.0.15 cpe:/a:apache:tomcat:8.0.16 cpe:/a:apache:tomcat:8.0.17 cpe:/a:apache:tomcat:8.0.18 cpe:/a:apache:tomcat:8.0.19 cpe:/a:apache:tomcat:8.0.20 cpe:/a:apache:tomcat:8.0.21 cpe:/a:apache:tomcat:8.0.22 cpe:/a:apache:tomcat:8.0.23 cpe:/a:apache:tomcat:8.0.24 cpe:/a:apache:tomcat:8.0.25 cpe:/a:apache:tomcat:8.0.26 cpe:/a:apache:tomcat:8.0.27 cpe:/a:apache:tomcat:8.0.28 cpe:/a:apache:tomcat:8.0.29 cpe:/a:apache:tomcat:8.0.30 cpe:/a:apache:tomcat:8.0.31 cpe:/a:apache:tomcat:8.0.32 cpe:/a:apache:tomcat:8.0.33 cpe:/a:apache:tomcat:8.0.34 cpe:/a:apache:tomcat:8.0.35 cpe:/a:apache:tomcat:8.0.36 cpe:/a:apache:tomcat:8.0.37 cpe:/a:apache:tomcat:8.0.38 cpe:/a:apache:tomcat:8.0.39 cpe:/a:apache:tomcat:8.0.40 cpe:/a:apache:tomcat:8.0.41 cpe:/a:apache:tomcat:8.0.42 cpe:/a:apache:tomcat:8.0.43 cpe:/a:apache:tomcat:8.0.44 cpe:/a:apache:tomcat:8.5.0 cpe:/a:apache:tomcat:8.5.1 cpe:/a:apache:tomcat:8.5.2 cpe:/a:apache:tomcat:8.5.3 cpe:/a:apache:tomcat:8.5.4 cpe:/a:apache:tomcat:8.5.5 cpe:/a:apache:tomcat:8.5.6 cpe:/a:apache:tomcat:8.5.7 cpe:/a:apache:tomcat:8.5.8 cpe:/a:apache:tomcat:8.5.9 cpe:/a:apache:tomcat:8.5.10 cpe:/a:apache:tomcat:8.5.11 cpe:/a:apache:tomcat:8.5.12 cpe:/a:apache:tomcat:8.5.13 cpe:/a:apache:tomcat:8.5.14 cpe:/a:apache:tomcat:8.5.15 cpe:/a:apache:tomcat:9.0.0:m1 cpe:/a:apache:tomcat:9.0.0:m10 cpe:/a:apache:tomcat:9.0.0:m11 cpe:/a:apache:tomcat:9.0.0:m12 cpe:/a:apache:tomcat:9.0.0:m13 cpe:/a:apache:tomcat:9.0.0:m14 cpe:/a:apache:tomcat:9.0.0:m15 cpe:/a:apache:tomcat:9.0.0:m16 cpe:/a:apache:tomcat:9.0.0:m17 cpe:/a:apache:tomcat:9.0.0:m18 cpe:/a:apache:tomcat:9.0.0:m19 cpe:/a:apache:tomcat:9.0.0:m2 cpe:/a:apache:tomcat:9.0.0:m20 cpe:/a:apache:tomcat:9.0.0:m21 cpe:/a:apache:tomcat:9.0.0:m3 cpe:/a:apache:tomcat:9.0.0:m4 cpe:/a:apache:tomcat:9.0.0:m5 cpe:/a:apache:tomcat:9.0.0:m6 cpe:/a:apache:tomcat:9.0.0:m7 cpe:/a:apache:tomcat:9.0.0:m8 cpe:/a:apache:tomcat:9.0.0:m9 CVE-2017-7674 2017-08-10T22:29:00.287-04:00 2019-04-15T12:31:13.153-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov BID 100280 DEBIAN DSA-3974 REDHAT RHSA-2017:1801 REDHAT RHSA-2017:1802 REDHAT RHSA-2017:3081 MLIST [announce] 20170810 [SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning MLIST [debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update MLIST [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html CONFIRM https://security.netapp.com/advisory/ntap-20180614-0003/ CONFIRM https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.