CVE-2018-1305

Severity: 40%

Complexity: 80%

Confidentiality: 48%

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

CVSS 3.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Overview

First reported: 2018-02-23 23:29:00

Last updated: 2019-10-03 00:03:00

Affected Software

Apache Software Foundation Tomcat
Apache Software Foundation Tomcat 8.0.0 Release Candidate 1 (version 8.0.0)
Apache Software Foundation Tomcat 8.0.0 Release Candidate 10 (version 8.0.0)
Apache Software Foundation Tomcat 8.0.0 Release Candidate 3 (version 8.0.0)
Apache Software Foundation Tomcat 8.0.0 Release Candidate 5 (version 8.0.0)
Apache Software Foundation Tomcat 9.0.0 M1 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M10 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M11 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M12 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M13 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M14 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M15 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M16 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M17 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M18 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M19 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M2 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M20 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M21 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M22 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M23 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M24 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M25 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M26 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M27 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M3 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M4 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M5 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M6 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M7 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M8 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.0 M9 (version 9.0.0)
Apache Software Foundation Tomcat 9.0.1 (version 9.0.1)
Apache Software Foundation Tomcat 9.0.2 (version 9.0.2)
Apache Software Foundation Tomcat 9.0.3 (version 9.0.3)
Apache Software Foundation Tomcat 9.0.4 (version 9.0.4)
Debian Linux 7.0 (version 7.0)
Debian Linux 8.0 (Jessie) (version 8.0)
Debian Linux 9.0 (version 9.0)
Canonical Ubuntu Linux 14.04 LTS (Long-Term Support) (version 14.04)
Canonical Ubuntu Linux 16.04 LTS (Long-Term Support) (version 16.04)
Canonical Ubuntu Linux 17.10 (version 17.10)
Canonical Ubuntu Linux 18.04 LTS Edition (version 18.04)
Oracle Fusion Middleware 12.2.1.3.0 (version 12.2.1.3.0)
Oracle Managed File Transfer 12.1.3.0.0 (version 12.1.3.0.0)
Oracle Managed File Transfer 12.2.1.3.0 (version 12.2.1.3.0)
Oracle MICROS Relate CRM Software 11.4 (version 11.4)

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html (Patch, Third Party Advisory)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Patch, Third Party Advisory)
103144 (Third Party Advisory, VDB Entry)
1040428 (Third Party Advisory, VDB Entry)
RHSA-2018:0465 (Third Party Advisory)
RHSA-2018:0466 (Third Party Advisory)
RHSA-2018:1320 (Third Party Advisory)
RHSA-2018:2939 (Third Party Advisory)
RHSA-2019:2205
[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (Mailing List, Third Party Advisory)
[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (Mailing List, Vendor Advisory)
[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (Mailing List, Vendor Advisory)
[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (Mailing List, Third Party Advisory)
[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (Mailing List, Vendor Advisory)
[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (Mailing List, Third Party Advisory)
[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (Mailing List, Third Party Advisory)
[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (Mailing List, Third Party Advisory)
[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (Mailing List, Vendor Advisory)
https://lists.apache.org/thread.html/d3354bb0a4eda4acc0a66f3eb24a213fdb75d12c7d16060b23e65781@%3Cannounce.tomcat.apache.org%3E (Mailing List, Vendor Advisory)
[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/ (Mailing List, Third Party Advisory)
[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (Mailing List, Vendor Advisory)
[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/
[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/
[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/
[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update (Mailing List, Third Party Advisory)
[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update (Mailing List, Third Party Advisory)
[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update (Mailing List, Third Party Advisory)
https://security.netapp.com/advisory/ntap-20180706-0001/ (Third Party Advisory)
USN-3665-1 (Third Party Advisory)
DSA-4281 (Third Party Advisory)
N/A
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (Patch, Third Party Advisory)
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html