[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

246852

 
 

909

 
 

194149

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2018-8014 -- tomcat7

ID: oval:org.secpod.oval:def:2001597Date: (C)2019-04-22   (M)2023-12-20
Class: VULNERABILITYFamily: unix




The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

Platform:
Debian 8.x
Debian 9.x
Product:
tomcat7
tomcat8
Reference:
CVE-2018-8014
CVE    1
CVE-2018-8014
CPE    5
cpe:/o:debian:debian_linux:8.x
cpe:/o:debian:debian_linux:9.x
cpe:/a:apache:tomcat8
cpe:/a:apache:tomcat7
...

© SecPod Technologies