CVE-2018-1304

Severity: 43%

Complexity: 86%

Confidentiality: 48%

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

CVSS 3.0 Base Score 5.9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported: 2018-02-28 20:29:00

Last updated: 2019-10-03 00:03:00

Affected Software

Apache Software Foundation Tomcat
Apache Software Foundation Tomcat 8.0.0 Release Candidate 1 (version 8.0.0)
Apache Software Foundation Tomcat 9.0.0 M1 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M2 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M3 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M4 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M5 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M6 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M7 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M8 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M9 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M10 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M11 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M12 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M13 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M14 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M15 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M16 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M17 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M18 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M19 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M20 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M21 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M22 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M23 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M24 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M25 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M26 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M27 (version 9.0.0)
Debian Linux 7.0 (version 7.0)
Debian Linux 8.0 (Jessie) (version 8.0)
Debian Linux 9.0 (version 9.0)
Canonical Ubuntu Linux 14.04 LTS (Long-Term Support) (version 14.04)
Canonical Ubuntu Linux 16.04 LTS (Long-Term Support) (version 16.04)
Canonical Ubuntu Linux 17.10 (version 17.10)
Canonical Ubuntu Linux 18.04 LTS Edition (version 18.04)
Oracle Fusion Middleware 12.2.1.3.0 (version 12.2.1.3.0)
Oracle Hospitality Guest Access 4.2.0 (version 4.2.0)
Oracle Hospitality Guest Access 4.2.1 (version 4.2.1)
Oracle MICROS Relate CRM Software 11.4 (version 11.4)
Oracle Secure Global Desktop 5.4 (version 5.4)

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Patch, Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Patch, Third Party Advisory

103170

Third Party Advisory, VDB Entry

1040427

Third Party Advisory, VDB Entry

RHSA-2018:0465

Third Party Advisory

RHSA-2018:0466

Third Party Advisory

RHSA-2018:1320

Third Party Advisory

RHSA-2018:1447

Third Party Advisory

RHSA-2018:1448

Third Party Advisory

RHSA-2018:1449

Third Party Advisory

RHSA-2018:1450

Third Party Advisory

RHSA-2018:1451

Third Party Advisory

RHSA-2018:2939

Third Party Advisory

RHSA-2019:2205

[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Mailing List, Third Party Advisory

[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Mailing List, Vendor Advisory

[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Mailing List, Vendor Advisory

[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Mailing List, Third Party Advisory

[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Mailing List, Vendor Advisory

[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

Mailing List, Third Party Advisory

[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Mailing List, Third Party Advisory

[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

Mailing List, Third Party Advisory

https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E

Mailing List, Vendor Advisory

[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Mailing List, Vendor Advisory

[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/

Mailing List, Third Party Advisory

[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Mailing List, Vendor Advisory

[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/

[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update

Issue Tracking, Third Party Advisory

[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update

Mailing List, Third Party Advisory

[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update

Mailing List, Third Party Advisory

https://security.netapp.com/advisory/ntap-20180706-0001/

Patch, Third Party Advisory

USN-3665-1

Third Party Advisory

DSA-4281

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch, Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html