The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable "supportsCredentials" for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
| Product: |
| web/server/apache-24 |
| web/server/apache-24/module/apache-ssl |
| web/server/apache-24/module/apache-ssl-fips-140 |
| web/server/apache-24/module/apache-lua |
| web/server/apache-24/module/apache-ldap |
| web/server/apache-24/module/apache-gss |
| web/server/apache-24/module/apache-dbd |
| web/java-servlet/tomcat-8 |
| web/java-servlet/tomcat-8/tomcat-examples |
| web/java-servlet/tomcat-8/tomcat-admin |
| web/curl |
| terminal/cssh |
| terminal/cssh-526 |
| terminal/cssh-522 |
| system/display-manager/gdm |
| system/display-manager/desktop-startup |
| runtime/tcl-8/tcl-sqlite-3 |
| mail/thunderbird |
| mail/thunderbird/plugin/thunderbird-lightning |
| mail/mailman |
| library/speech/espeak |
| library/python/pyatspi2 |
| library/python/pyatspi2-35 |
| library/python/pyatspi2-34 |
| library/python/pyatspi2-27 |
| library/perl-5/xml-simple |
| library/perl-5/xml-simple-526 |
| library/perl-5/xml-simple-522 |
| library/perl-5/xml-sax |
| library/perl-5/xml-sax-base |
| library/perl-5/xml-sax-base-526 |
| library/perl-5/xml-sax-base-522 |
| library/perl-5/xml-sax-526 |
| library/perl-5/xml-sax-522 |
| library/perl-5/xml-parser |
| library/perl-5/xml-parser-526 |
| library/perl-5/xml-parser-522 |
| library/perl-5/xml-namespacesupport |
| library/perl-5/xml-namespacesupport-526 |
| library/perl-5/xml-namespacesupport-522 |
| library/perl-5/xml-libxml |
| library/perl-5/xml-libxml-526 |
| library/perl-5/xml-libxml-522 |
| library/perl-5/pmtools |
| library/perl-5/pmtools-526 |
| library/perl-5/pmtools-522 |
| library/perl-5/perl-x11-protocol |
| library/perl-5/perl-x11-protocol-526 |
| library/perl-5/perl-x11-protocol-522 |
| library/perl-5/perl-tk |
| library/perl-5/perl-tk-526 |
| library/perl-5/perl-tk-522 |
| library/perl-5/net-ssleay |
| library/perl-5/net-ssleay-526 |
| library/perl-5/net-ssleay-522 |
| library/perl-5/gettext |
| library/perl-5/gettext-526 |
| library/perl-5/gettext-522 |
| library/perl-5/dbd-sqlite |
| library/perl-5/dbd-sqlite-526 |
| library/perl-5/dbd-sqlite-522 |
| library/perl-5/dbd-mysql |
| library/perl-5/dbd-mysql-526 |
| library/perl-5/dbd-mysql-522 |
| library/perl-5/database |
| library/perl-5/database-526 |
| library/perl-5/database-522 |
| library/perl-5/authen-pam |
| library/perl-5/authen-pam-526 |
| library/perl-5/authen-pam-522 |
| library/perl-5/CGI |
| library/perl-5/CGI-526 |
| library/perl-5/CGI-522 |
| library/liblouis |
| library/desktop/webkitgtk4 |
| library/desktop/speech-dispatcher |
| library/desktop/dotconf |
| image/library/libjpeg |
| diagnostic/wireshark |
| diagnostic/wireshark/wireshark-common |
| diagnostic/wireshark/tshark |
| database/sqlite-3 |
| database/sqlite-3/documentation |
| database/mysql-57 |
| database/mysql-57/tests |
| database/mysql-57/library |
| database/mysql-57/embedded |
| database/mysql-57/client |
