cpe:/a:apache:tomcat:7.0.0 cpe:/a:apache:tomcat:7.0.0:beta cpe:/a:apache:tomcat:7.0.1 cpe:/a:apache:tomcat:7.0.2 cpe:/a:apache:tomcat:7.0.2:beta cpe:/a:apache:tomcat:7.0.3 cpe:/a:apache:tomcat:7.0.4 cpe:/a:apache:tomcat:7.0.4:beta cpe:/a:apache:tomcat:7.0.5 cpe:/a:apache:tomcat:7.0.5:beta cpe:/a:apache:tomcat:7.0.6 cpe:/a:apache:tomcat:7.0.7 cpe:/a:apache:tomcat:7.0.8 cpe:/a:apache:tomcat:7.0.9 cpe:/a:apache:tomcat:7.0.10 cpe:/a:apache:tomcat:7.0.11 cpe:/a:apache:tomcat:7.0.12 cpe:/a:apache:tomcat:7.0.13 cpe:/a:apache:tomcat:7.0.14 cpe:/a:apache:tomcat:7.0.15 cpe:/a:apache:tomcat:7.0.16 cpe:/a:apache:tomcat:7.0.17 cpe:/a:apache:tomcat:7.0.18 cpe:/a:apache:tomcat:7.0.19 cpe:/a:apache:tomcat:7.0.20 cpe:/a:apache:tomcat:7.0.21 cpe:/a:apache:tomcat:7.0.22 cpe:/a:apache:tomcat:7.0.23 cpe:/a:apache:tomcat:7.0.24 cpe:/a:apache:tomcat:7.0.25 cpe:/a:apache:tomcat:7.0.26 cpe:/a:apache:tomcat:7.0.27 cpe:/a:apache:tomcat:7.0.28 cpe:/a:apache:tomcat:7.0.29 cpe:/a:apache:tomcat:7.0.30 cpe:/a:apache:tomcat:7.0.31 cpe:/a:apache:tomcat:7.0.32 cpe:/a:apache:tomcat:7.0.33 cpe:/a:apache:tomcat:7.0.34 cpe:/a:apache:tomcat:7.0.35 cpe:/a:apache:tomcat:7.0.36 cpe:/a:apache:tomcat:7.0.37 cpe:/a:apache:tomcat:7.0.38 cpe:/a:apache:tomcat:7.0.39 cpe:/a:apache:tomcat:7.0.40 cpe:/a:apache:tomcat:7.0.41 cpe:/a:apache:tomcat:7.0.42 cpe:/a:apache:tomcat:7.0.43 cpe:/a:apache:tomcat:7.0.44 cpe:/a:apache:tomcat:7.0.45 cpe:/a:apache:tomcat:7.0.46 cpe:/a:apache:tomcat:7.0.47 cpe:/a:apache:tomcat:7.0.48 cpe:/a:apache:tomcat:7.0.49 cpe:/a:apache:tomcat:7.0.50 cpe:/a:apache:tomcat:7.0.51 cpe:/a:apache:tomcat:7.0.52 cpe:/a:apache:tomcat:7.0.53 cpe:/a:apache:tomcat:7.0.54 cpe:/a:apache:tomcat:7.0.55 cpe:/a:apache:tomcat:7.0.56 cpe:/a:apache:tomcat:7.0.57 cpe:/a:apache:tomcat:7.0.58 cpe:/a:apache:tomcat:7.0.59 cpe:/a:apache:tomcat:7.0.60 cpe:/a:apache:tomcat:7.0.61 cpe:/a:apache:tomcat:7.0.62 cpe:/a:apache:tomcat:7.0.63 cpe:/a:apache:tomcat:7.0.64 cpe:/a:apache:tomcat:7.0.65 cpe:/a:apache:tomcat:7.0.66 cpe:/a:apache:tomcat:7.0.67 cpe:/a:apache:tomcat:7.0.68 cpe:/a:apache:tomcat:7.0.69 cpe:/a:apache:tomcat:7.0.70 cpe:/a:apache:tomcat:7.0.71 cpe:/a:apache:tomcat:7.0.72 cpe:/a:apache:tomcat:7.0.73 cpe:/a:apache:tomcat:7.0.74 cpe:/a:apache:tomcat:7.0.75 cpe:/a:apache:tomcat:7.0.76 cpe:/a:apache:tomcat:7.0.77 cpe:/a:apache:tomcat:7.0.78 cpe:/a:apache:tomcat:7.0.79 cpe:/a:apache:tomcat:7.0.80 cpe:/a:apache:tomcat:7.0.81 cpe:/a:apache:tomcat:7.0.82 cpe:/a:apache:tomcat:7.0.83 cpe:/a:apache:tomcat:7.0.84 cpe:/a:apache:tomcat:8.0.0:rc1 cpe:/a:apache:tomcat:8.0.0:rc10 cpe:/a:apache:tomcat:8.0.0:rc2 cpe:/a:apache:tomcat:8.0.0:rc3 cpe:/a:apache:tomcat:8.0.0:rc5 cpe:/a:apache:tomcat:8.0.1 cpe:/a:apache:tomcat:8.0.2 cpe:/a:apache:tomcat:8.0.3 cpe:/a:apache:tomcat:8.0.4 cpe:/a:apache:tomcat:8.0.5 cpe:/a:apache:tomcat:8.0.6 cpe:/a:apache:tomcat:8.0.7 cpe:/a:apache:tomcat:8.0.8 cpe:/a:apache:tomcat:8.0.9 cpe:/a:apache:tomcat:8.0.10 cpe:/a:apache:tomcat:8.0.11 cpe:/a:apache:tomcat:8.0.12 cpe:/a:apache:tomcat:8.0.13 cpe:/a:apache:tomcat:8.0.14 cpe:/a:apache:tomcat:8.0.15 cpe:/a:apache:tomcat:8.0.16 cpe:/a:apache:tomcat:8.0.17 cpe:/a:apache:tomcat:8.0.18 cpe:/a:apache:tomcat:8.0.19 cpe:/a:apache:tomcat:8.0.20 cpe:/a:apache:tomcat:8.0.21 cpe:/a:apache:tomcat:8.0.22 cpe:/a:apache:tomcat:8.0.23 cpe:/a:apache:tomcat:8.0.24 cpe:/a:apache:tomcat:8.0.25 cpe:/a:apache:tomcat:8.0.26 cpe:/a:apache:tomcat:8.0.27 cpe:/a:apache:tomcat:8.0.28 cpe:/a:apache:tomcat:8.0.29 cpe:/a:apache:tomcat:8.0.30 cpe:/a:apache:tomcat:8.0.31 cpe:/a:apache:tomcat:8.0.32 cpe:/a:apache:tomcat:8.0.33 cpe:/a:apache:tomcat:8.0.34 cpe:/a:apache:tomcat:8.0.35 cpe:/a:apache:tomcat:8.0.36 cpe:/a:apache:tomcat:8.0.37 cpe:/a:apache:tomcat:8.0.38 cpe:/a:apache:tomcat:8.0.39 cpe:/a:apache:tomcat:8.0.40 cpe:/a:apache:tomcat:8.0.41 cpe:/a:apache:tomcat:8.0.42 cpe:/a:apache:tomcat:8.0.43 cpe:/a:apache:tomcat:8.0.44 cpe:/a:apache:tomcat:8.0.45 cpe:/a:apache:tomcat:8.0.46 cpe:/a:apache:tomcat:8.0.47 cpe:/a:apache:tomcat:8.0.48 cpe:/a:apache:tomcat:8.0.49 cpe:/a:apache:tomcat:8.5.0 cpe:/a:apache:tomcat:8.5.1 cpe:/a:apache:tomcat:8.5.2 cpe:/a:apache:tomcat:8.5.3 cpe:/a:apache:tomcat:8.5.4 cpe:/a:apache:tomcat:8.5.5 cpe:/a:apache:tomcat:8.5.6 cpe:/a:apache:tomcat:8.5.7 cpe:/a:apache:tomcat:8.5.8 cpe:/a:apache:tomcat:8.5.9 cpe:/a:apache:tomcat:8.5.10 cpe:/a:apache:tomcat:8.5.11 cpe:/a:apache:tomcat:8.5.12 cpe:/a:apache:tomcat:8.5.13 cpe:/a:apache:tomcat:8.5.14 cpe:/a:apache:tomcat:8.5.15 cpe:/a:apache:tomcat:8.5.16 cpe:/a:apache:tomcat:8.5.17 cpe:/a:apache:tomcat:8.5.18 cpe:/a:apache:tomcat:8.5.19 cpe:/a:apache:tomcat:8.5.20 cpe:/a:apache:tomcat:8.5.21 cpe:/a:apache:tomcat:8.5.22 cpe:/a:apache:tomcat:8.5.23 cpe:/a:apache:tomcat:8.5.24 cpe:/a:apache:tomcat:8.5.25 cpe:/a:apache:tomcat:8.5.26 cpe:/a:apache:tomcat:8.5.27 cpe:/a:apache:tomcat:9.0.0 cpe:/a:apache:tomcat:9.0.0:m1 cpe:/a:apache:tomcat:9.0.0:m10 cpe:/a:apache:tomcat:9.0.0:m11 cpe:/a:apache:tomcat:9.0.0:m12 cpe:/a:apache:tomcat:9.0.0:m13 cpe:/a:apache:tomcat:9.0.0:m14 cpe:/a:apache:tomcat:9.0.0:m15 cpe:/a:apache:tomcat:9.0.0:m16 cpe:/a:apache:tomcat:9.0.0:m17 cpe:/a:apache:tomcat:9.0.0:m18 cpe:/a:apache:tomcat:9.0.0:m19 cpe:/a:apache:tomcat:9.0.0:m2 cpe:/a:apache:tomcat:9.0.0:m20 cpe:/a:apache:tomcat:9.0.0:m21 cpe:/a:apache:tomcat:9.0.0:m22 cpe:/a:apache:tomcat:9.0.0:m23 cpe:/a:apache:tomcat:9.0.0:m24 cpe:/a:apache:tomcat:9.0.0:m25 cpe:/a:apache:tomcat:9.0.0:m26 cpe:/a:apache:tomcat:9.0.0:m27 cpe:/a:apache:tomcat:9.0.0:m3 cpe:/a:apache:tomcat:9.0.0:m4 cpe:/a:apache:tomcat:9.0.0:m5 cpe:/a:apache:tomcat:9.0.0:m6 cpe:/a:apache:tomcat:9.0.0:m7 cpe:/a:apache:tomcat:9.0.0:m8 cpe:/a:apache:tomcat:9.0.0:m9 cpe:/a:apache:tomcat:9.0.1 cpe:/a:apache:tomcat:9.0.2 cpe:/a:apache:tomcat:9.0.3 cpe:/a:apache:tomcat:9.0.4 cpe:/a:oracle:fusion_middleware:12.2.1.3.0 cpe:/a:oracle:managed_file_transfer:12.1.3.0.0 cpe:/a:oracle:managed_file_transfer:12.2.1.3.0 cpe:/a:oracle:micros_relate_crm_software:11.4 cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:17.10 cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~ cpe:/o:debian:debian_linux:7.0 cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 CVE-2018-1305 2018-02-23T18:29:00.937-05:00 2019-10-02T20:03:26.223-04:00 4.0 NETWORK LOW SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov BID 103144 SECTRACK 1040428 DEBIAN DSA-4281 REDHAT RHSA-2018:0465 REDHAT RHSA-2018:0466 REDHAT RHSA-2018:1320 REDHAT RHSA-2018:2939 REDHAT RHSA-2019:2205 UBUNTU USN-3665-1 MLIST [debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update MLIST [debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update MLIST [debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update MLIST [tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ MLIST [tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html MISC https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E CONFIRM https://security.netapp.com/advisory/ntap-20180706-0001/ MISC https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html MISC https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.