Vulnerability-Lookup

CVE-2018-8034 (GCVE-0-2018-8034)

Vulnerability from cvelistv5 – Published: 2018-08-01 18:00 – Updated: 2024-10-21 16:09

Summary

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Security Constraint Bypass

Assigner

apache

References

41 references

URL	Tags
https://usn.ubuntu.com/3723-1/	vendor-advisoryx_refsource_UBUNTU
http://mail-archives.us.apache.org/mod_mbox/www-a…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0451	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4281	vendor-advisoryx_refsource_DEBIAN
http://www.securitytracker.com/id/1041374	vdb-entryx_refsource_SECTRACK
https://security.netapp.com/advisory/ntap-2018081…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:0131	vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:0130	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0450	vendor-advisoryx_refsource_REDHAT
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/104895	vdb-entryx_refsource_BID
https://lists.apache.org/thread.html/eb6efa8d59c4…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/343558d98287…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/5c0e00fd31ef…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/b5e3f51d28cd…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/88855876c33f…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/e85e83e9954f…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aab…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/1dd0a59c1295…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/6af47120905a…	mailing-listx_refsource_MLIST
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:1160	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1162	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1159	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1161	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1529	vendor-advisoryx_refsource_REDHAT
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
https://lists.apache.org/thread.html/ac51944aef91…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2205	vendor-advisoryx_refsource_REDHAT
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2019:3892	vendor-advisoryx_refsource_REDHAT
https://lists.apache.org/thread.html/r6ccee4e849b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3bbb800a816…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/raba0fabaf4d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r48c1444845f…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 9.0.0.M1 to 9.0.9 Affected: 8.5.0 to 8.5.31 Affected: 8.0.0.RC1 to 8.0.52 Affected: 7.0.35 to 7.0.88

Date Public

2018-07-22 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3723-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3723-1/"
          },
          {
            "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E"
          },
          {
            "name": "RHSA-2019:0451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0451"
          },
          {
            "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
          },
          {
            "name": "DSA-4281",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4281"
          },
          {
            "name": "1041374",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041374"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
          },
          {
            "name": "RHSA-2019:0131",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0131"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "RHSA-2019:0130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0130"
          },
          {
            "name": "RHSA-2019:0450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0450"
          },
          {
            "name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
          },
          {
            "name": "104895",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104895"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "RHSA-2019:1160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1160"
          },
          {
            "name": "RHSA-2019:1162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1162"
          },
          {
            "name": "RHSA-2019:1159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1159"
          },
          {
            "name": "RHSA-2019:1161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1161"
          },
          {
            "name": "RHSA-2019:1529",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2205",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2205"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-8034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:30:15.701472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:09:49.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0.M1 to 9.0.9"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.31"
            },
            {
              "status": "affected",
              "version": "8.0.0.RC1 to 8.0.52"
            },
            {
              "status": "affected",
              "version": "7.0.35 to 7.0.88"
            }
          ]
        }
      ],
      "datePublic": "2018-07-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Constraint Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:47.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "USN-3723-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3723-1/"
        },
        {
          "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E"
        },
        {
          "name": "RHSA-2019:0451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0451"
        },
        {
          "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
        },
        {
          "name": "DSA-4281",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4281"
        },
        {
          "name": "1041374",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041374"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
        },
        {
          "name": "RHSA-2019:0131",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0131"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "name": "RHSA-2019:0130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0130"
        },
        {
          "name": "RHSA-2019:0450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0450"
        },
        {
          "name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
        },
        {
          "name": "104895",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104895"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "name": "RHSA-2019:1160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1160"
        },
        {
          "name": "RHSA-2019:1162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1162"
        },
        {
          "name": "RHSA-2019:1159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1159"
        },
        {
          "name": "RHSA-2019:1161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1161"
        },
        {
          "name": "RHSA-2019:1529",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2205",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2205"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-07-22T00:00:00",
          "ID": "CVE-2018-8034",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.0.M1 to 9.0.9"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.31"
                          },
                          {
                            "version_value": "8.0.0.RC1 to 8.0.52"
                          },
                          {
                            "version_value": "7.0.35 to 7.0.88"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Constraint Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3723-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3723-1/"
            },
            {
              "name": "[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass",
              "refsource": "MLIST",
              "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E"
            },
            {
              "name": "RHSA-2019:0451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0451"
            },
            {
              "name": "[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html"
            },
            {
              "name": "DSA-4281",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4281"
            },
            {
              "name": "1041374",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041374"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180817-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
            },
            {
              "name": "RHSA-2019:0131",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0131"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "RHSA-2019:0130",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0130"
            },
            {
              "name": "RHSA-2019:0450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0450"
            },
            {
              "name": "[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html"
            },
            {
              "name": "104895",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104895"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "RHSA-2019:1160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1160"
            },
            {
              "name": "RHSA-2019:1162",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1162"
            },
            {
              "name": "RHSA-2019:1159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1159"
            },
            {
              "name": "RHSA-2019:1161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1161"
            },
            {
              "name": "RHSA-2019:1529",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1529"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2205",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2205"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8034",
    "datePublished": "2018-08-01T18:00:00.000Z",
    "dateReserved": "2018-03-09T00:00:00.000Z",
    "dateUpdated": "2024-10-21T16:09:49.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-8034",
      "date": "2026-05-28",
      "epss": "0.11721",
      "percentile": "0.93799"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8034\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-08-01T18:29:00.313\",\"lastModified\":\"2024-11-21T04:13:08.547\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.\"},{\"lang\":\"es\",\"value\":\"No hay verificaci\u00f3n del nombre del host al emplear TLS con el cliente WebSocket. Ahora est\u00e1 habilitado por defecto. Versiones afectadas: Apache Tomcat de la versi\u00f3n 9.0.0.M1 a la 9.0.9, 8.5.0 a la 8.5.31, 8.0.0.RC1 a la 8.0.52 y de la versi\u00f3n 7.0.35 a la 7.0.88.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.35\",\"versionEndIncluding\":\"7.0.88\",\"matchCriteriaId\":\"E96338A5-D735-4922-B414-3D1FAC6F525D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.52\",\"matchCriteriaId\":\"7BB21142-B958-42CA-9149-300A5ECBE3D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.31\",\"matchCriteriaId\":\"BC29F706-8DA5-42EC-A65A-B2168CA83E9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.1\",\"versionEndIncluding\":\"9.0.9\",\"matchCriteriaId\":\"DFDCC646-7CAB-45FF-B53B-AFBFFEF393D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EA7199-3373-4F97-9907-3A479A02155E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4693BD36-E522-4C8E-9667-8F3E14A05EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F963D737-2E95-4D7C-92C7-DACF3F36D1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AA5A5C3-EDA2-4D94-AECB-C68033B365FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B1A832F-C7B4-4877-A6B3-F5A8DF6E0804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"076317B8-63D9-4FF2-8F70-72081B4A8825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"059E3AB7-A3C7-448C-89ED-F1FD91180582\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc9:*:*:*:*:*:*\",\"matchCriteriaId\":\"3612969F-B998-452E-A6E7-1D5D96DA9995\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B129B2-FB6F-4EF9-BF12-E589A87996CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B6787B6-54A8-475E-BA1C-AB99334B2535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6DA0BE-908C-4DA8-A191-A0113235E99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"39029C72-28B4-46A4-BFF5-EC822CFB2A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2E05A3-014F-4C4D-81E5-88E725FBD6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C533C-0833-41D5-99B6-17A4FAB3CAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3768C60-21FA-4B92-B98C-C3A2602D1BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F542E12-6BA8-4504-A494-DA83E7E19BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2409CC7-6A85-4A66-A457-0D62B9895DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B392A7E5-4455-4B1C-8FAC-AE6DDC70689E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF411DDA-2601-449A-9046-D250419A0E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4FBF97-DE16-4E5E-BE19-471E01818D40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B266B1E-24B5-47EE-A421-E0E3CC0C7471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*\",\"matchCriteriaId\":\"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1902D2E-1896-4D3D-9E1C-3A675255072C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"49AAF4DF-F61D-47A8-8788-A21E317A145D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"454211D0-60A2-4661-AECA-4C0121413FEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0686F977-889F-4960-8E0B-7784B73A7F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"558703AE-DB5E-4DFF-B497-C36694DD7B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6273F2-1165-47A4-8DD7-9E9B2472941B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA4DF85-9225-4422-BF10-D7DAE7DCE007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77C2A2A4-285B-40A1-B9AD-42219D742DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8CF045-09BB-4069-BCEC-496D5AE3B780\"}]}]}],\"references\":[{\"url\":\"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104895\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041374\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0130\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0131\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0450\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0451\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1159\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1160\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1161\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1162\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1529\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2205\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180817-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3723-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4281\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1161\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3892\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180817-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3723-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://usn.ubuntu.com/3723-1/\", \"name\": \"USN-3723-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E\", \"name\": \"[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0451\", \"name\": \"RHSA-2019:0451\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html\", \"name\": \"[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4281\", \"name\": \"DSA-4281\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041374\", \"name\": \"1041374\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180817-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0131\", \"name\": \"RHSA-2019:0131\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0130\", \"name\": \"RHSA-2019:0130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0450\", \"name\": \"RHSA-2019:0450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html\", \"name\": \"[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/104895\", \"name\": \"104895\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1160\", \"name\": \"RHSA-2019:1160\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1162\", \"name\": \"RHSA-2019:1162\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1159\", \"name\": \"RHSA-2019:1159\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1161\", \"name\": \"RHSA-2019:1161\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1529\", \"name\": \"RHSA-2019:1529\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E\", \"name\": \"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2205\", \"name\": \"RHSA-2019:2205\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"name\": \"RHSA-2019:3892\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T06:46:12.214Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-8034\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-15T17:30:15.701472Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T16:09:43.182Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0.M1 to 9.0.9\"}, {\"status\": \"affected\", \"version\": \"8.5.0 to 8.5.31\"}, {\"status\": \"affected\", \"version\": \"8.0.0.RC1 to 8.0.52\"}, {\"status\": \"affected\", \"version\": \"7.0.35 to 7.0.88\"}]}], \"datePublic\": \"2018-07-22T00:00:00.000Z\", \"references\": [{\"url\": \"https://usn.ubuntu.com/3723-1/\", \"name\": \"USN-3723-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283%40minotaur.apache.org%3E\", \"name\": \"[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0451\", \"name\": \"RHSA-2019:0451\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html\", \"name\": \"[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4281\", \"name\": \"DSA-4281\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://www.securitytracker.com/id/1041374\", \"name\": \"1041374\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180817-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0131\", \"name\": \"RHSA-2019:0131\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0130\", \"name\": \"RHSA-2019:0130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0450\", \"name\": \"RHSA-2019:0450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html\", \"name\": \"[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"http://www.securityfocus.com/bid/104895\", \"name\": \"104895\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1160\", \"name\": \"RHSA-2019:1160\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1162\", \"name\": \"RHSA-2019:1162\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1159\", \"name\": \"RHSA-2019:1159\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1161\", \"name\": \"RHSA-2019:1161\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1529\", \"name\": \"RHSA-2019:1529\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E\", \"name\": \"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2205\", \"name\": \"RHSA-2019:2205\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"name\": \"RHSA-2019:3892\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Security Constraint Bypass\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2020-04-15T21:06:47.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"9.0.0.M1 to 9.0.9\"}, {\"version_value\": \"8.5.0 to 8.5.31\"}, {\"version_value\": \"8.0.0.RC1 to 8.0.52\"}, {\"version_value\": \"7.0.35 to 7.0.88\"}]}, \"product_name\": \"Apache Tomcat\"}]}, \"vendor_name\": \"Apache Software Foundation\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://usn.ubuntu.com/3723-1/\", \"name\": \"USN-3723-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E\", \"name\": \"[www-announce] 20180722 [SECURITY] CVE-2018-8034 Apache Tomcat - Security Constraint Bypass\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0451\", \"name\": \"RHSA-2019:0451\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html\", \"name\": \"[debian-lts-announce] 20180730 [SECURITY] [DLA 1453-1] tomcat7 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4281\", \"name\": \"DSA-4281\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://www.securitytracker.com/id/1041374\", \"name\": \"1041374\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180817-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20180817-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0131\", \"name\": \"RHSA-2019:0131\", \"refsource\": \"REDHAT\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"name\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0130\", \"name\": \"RHSA-2019:0130\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0450\", \"name\": \"RHSA-2019:0450\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html\", \"name\": \"[debian-lts-announce] 20180902 [SECURITY] [DLA 1491-1] tomcat8 security update\", \"refsource\": \"MLIST\"}, {\"url\": \"http://www.securityfocus.com/bid/104895\", \"name\": \"104895\", \"refsource\": \"BID\"}, {\"url\": \"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1160\", \"name\": \"RHSA-2019:1160\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1162\", \"name\": \"RHSA-2019:1162\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1159\", \"name\": \"RHSA-2019:1159\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1161\", \"name\": \"RHSA-2019:1161\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1529\", \"name\": \"RHSA-2019:1529\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E\", \"name\": \"[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2205\", \"name\": \"RHSA-2019:2205\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3892\", \"name\": \"RHSA-2019:3892\", \"refsource\": \"REDHAT\"}, {\"url\": \"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E\", \"name\": \"[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Security Constraint Bypass\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-8034\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@apache.org\", \"DATE_PUBLIC\": \"2018-07-22T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-8034\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T16:09:49.791Z\", \"dateReserved\": \"2018-03-09T00:00:00.000Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2018-08-01T18:00:00.000Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

SUSE-SU-2018:2699-1

Vulnerability from csaf_suse - Published: 2018-09-13 05:57 - Updated: 2018-09-13 05:57

Summary

Security update for tomcat

Severity

Moderate

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat to 8.0.53 fixes the following issues: Security issue fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). Bug fixes: - bsc#1067720: Avoid overwriting of customer's configuration during update. - bsc#1095472: Add Obsoletes for tomcat6 packages.

Patchnames: SUSE-SLE-SERVER-12-SP3-2018-1890

CVE-2018-1336

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2018-8014

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix

Threats

Impact low

CVE-2018-8034

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-8037

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch	—	Vendor Fix

Threats

Impact critical

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1067720	self
https://bugzilla.suse.com/1093697	self
https://bugzilla.suse.com/1095472	self
https://bugzilla.suse.com/1102379	self
https://bugzilla.suse.com/1102400	self
https://bugzilla.suse.com/1102410	self
https://www.suse.com/security/cve/CVE-2018-1336/	self
https://www.suse.com/security/cve/CVE-2018-8014/	self
https://www.suse.com/security/cve/CVE-2018-8034/	self
https://www.suse.com/security/cve/CVE-2018-8037/	self
https://www.suse.com/security/cve/CVE-2018-1336	external
https://bugzilla.suse.com/1102400	external
https://www.suse.com/security/cve/CVE-2018-8014	external
https://bugzilla.suse.com/1093697	external
https://www.suse.com/security/cve/CVE-2018-8034	external
https://bugzilla.suse.com/1102379	external
https://www.suse.com/security/cve/CVE-2018-8037	external
https://bugzilla.suse.com/1003579	external
https://bugzilla.suse.com/1102410	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat to 8.0.53 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with\n  supplementary characters could have lead to an infinite loop in the decoder\n  causing a Denial of Service (bsc#1102400).\n- CVE-2018-8034: The host name verification when using TLS with the WebSocket\n  client was missing. It is now enabled by default (bsc#1102379).\n- CVE-2018-8037: If an async request was completed by the application at the\n  same time as the container triggered the async timeout, a race condition\n  existed that could have resulted in a user seeing a response intended for a\n  different user. An additional issue was present in the NIO and NIO2 connectors\n  that did not correctly track the closure of the connection when an async\n  request was completed by the application and timed out by the container at the\n  same time. This could also have resulted in a user seeing a response intended\n  for another user (bsc#1102410).\n- CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).\n\nBug fixes:\n\n- bsc#1067720: Avoid overwriting of customer\u0027s configuration during update.\n- bsc#1095472: Add Obsoletes for tomcat6 packages.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-SP3-2018-1890",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2699-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2699-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182699-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2699-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004557.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1067720",
        "url": "https://bugzilla.suse.com/1067720"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1093697",
        "url": "https://bugzilla.suse.com/1093697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1095472",
        "url": "https://bugzilla.suse.com/1095472"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102379",
        "url": "https://bugzilla.suse.com/1102379"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102400",
        "url": "https://bugzilla.suse.com/1102400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102410",
        "url": "https://bugzilla.suse.com/1102410"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1336 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1336/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8014 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8034 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8037 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8037/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2018-09-13T05:57:00Z",
      "generator": {
        "date": "2018-09-13T05:57:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2699-1",
      "initial_release_date": "2018-09-13T05:57:00Z",
      "revision_history": [
        {
          "date": "2018-09-13T05:57:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-admin-webapps-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-docs-webapp-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-javadoc-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-lib-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-lib-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-8.0.53-29.13.1.noarch",
                "product": {
                  "name": "tomcat-webapps-8.0.53-29.13.1.noarch",
                  "product_id": "tomcat-webapps-8.0.53-29.13.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-javadoc-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-lib-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-webapps-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-javadoc-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-lib-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-8.0.53-29.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
        },
        "product_reference": "tomcat-webapps-8.0.53-29.13.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1336",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1336"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1336",
          "url": "https://www.suse.com/security/cve/CVE-2018-1336"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102400 for CVE-2018-1336",
          "url": "https://bugzilla.suse.com/1102400"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-13T05:57:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-8014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable \u0027supportsCredentials\u0027 for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8014",
          "url": "https://www.suse.com/security/cve/CVE-2018-8014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1093697 for CVE-2018-8014",
          "url": "https://bugzilla.suse.com/1093697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-13T05:57:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-8034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8034",
          "url": "https://www.suse.com/security/cve/CVE-2018-8034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102379 for CVE-2018-8034",
          "url": "https://bugzilla.suse.com/1102379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-13T05:57:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2018-8037",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8037"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8037",
          "url": "https://www.suse.com/security/cve/CVE-2018-8037"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003579 for CVE-2018-8037",
          "url": "https://bugzilla.suse.com/1003579"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102410 for CVE-2018-8037",
          "url": "https://bugzilla.suse.com/1102410"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-admin-webapps-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-docs-webapp-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-el-3_0-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-javadoc-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-jsp-2_3-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-lib-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-servlet-3_1-api-8.0.53-29.13.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:tomcat-webapps-8.0.53-29.13.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-09-13T05:57:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-8037"
    }
  ]
}

SUSE-SU-2018:3011-1

Vulnerability from csaf_suse - Published: 2018-11-28 08:58 - Updated: 2018-11-28 08:58

Summary

Security update for tomcat

Severity

Moderate

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat to version 9.0.10 fixes the following issues: Security issues fixed: - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400). - CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697). - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379). - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410). Bug fixes: - Avoid overwriting of customer's configuration during update (bsc#1067720) - Disable adding OSGi metadata to JAR files - See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)

Patchnames: SUSE-SLE-Module-Web-Scripting-15-2018-2145

CVE-2018-1336

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2018-8014

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix

Threats

Impact low

CVE-2018-8034

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-8037

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch	—	Vendor Fix

Threats

Impact critical

References

22 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://www.suse.com/support/update/announcement/…	self
https://bugzilla.suse.com/1067720	self
https://bugzilla.suse.com/1093697	self
https://bugzilla.suse.com/1102379	self
https://bugzilla.suse.com/1102400	self
https://bugzilla.suse.com/1102410	self
https://www.suse.com/security/cve/CVE-2018-1336/	self
https://www.suse.com/security/cve/CVE-2018-8014/	self
https://www.suse.com/security/cve/CVE-2018-8034/	self
https://www.suse.com/security/cve/CVE-2018-8037/	self
https://www.suse.com/security/cve/CVE-2018-1336	external
https://bugzilla.suse.com/1102400	external
https://www.suse.com/security/cve/CVE-2018-8014	external
https://bugzilla.suse.com/1093697	external
https://www.suse.com/security/cve/CVE-2018-8034	external
https://bugzilla.suse.com/1102379	external
https://www.suse.com/security/cve/CVE-2018-8037	external
https://bugzilla.suse.com/1003579	external
https://bugzilla.suse.com/1102410	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat to version 9.0.10 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with\n  supplementary characters could have lead to an infinite loop in the decoder\n  causing a Denial of Service (bsc#1102400).\n- CVE-2018-8014: Fix insecure default CORS filter settings (bsc#1093697).\n- CVE-2018-8034: The host name verification when using TLS with the WebSocket\n  client was missing. It is now enabled by default (bsc#1102379).\n- CVE-2018-8037: If an async request was completed by the application at the\n  same time as the container triggered the async timeout, a race condition\n  existed that could have resulted in a user seeing a response intended for a\n  different user. An additional issue was present in the NIO and NIO2 connectors\n  that did not correctly track the closure of the connection when an async\n  request was completed by the application and timed out by the container at the\n  same time. This could also have resulted in a user seeing a response intended\n  for another user (bsc#1102410).\n\nBug fixes:\n\n- Avoid overwriting of customer\u0027s configuration during update (bsc#1067720)\n- Disable adding OSGi metadata to JAR files\n\n- See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.10_(markt)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Module-Web-Scripting-15-2018-2145",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3011-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3011-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183011-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3011-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183011-1.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1067720",
        "url": "https://bugzilla.suse.com/1067720"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1093697",
        "url": "https://bugzilla.suse.com/1093697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102379",
        "url": "https://bugzilla.suse.com/1102379"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102400",
        "url": "https://bugzilla.suse.com/1102400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102410",
        "url": "https://bugzilla.suse.com/1102410"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1336 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1336/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8014 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8034 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8037 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8037/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2018-11-28T08:58:40Z",
      "generator": {
        "date": "2018-11-28T08:58:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3011-1",
      "initial_release_date": "2018-11-28T08:58:40Z",
      "revision_history": [
        {
          "date": "2018-11-28T08:58:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-9.0.10-3.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-admin-webapps-9.0.10-3.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-el-3_0-api-9.0.10-3.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-lib-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-lib-9.0.10-3.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-9.0.10-3.7.1.noarch",
                "product": {
                  "name": "tomcat-webapps-9.0.10-3.7.1.noarch",
                  "product_id": "tomcat-webapps-9.0.10-3.7.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Web and Scripting 15",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Web and Scripting 15",
                  "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-web-scripting:15"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-lib-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-9.0.10-3.7.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
        },
        "product_reference": "tomcat-webapps-9.0.10-3.7.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1336",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1336"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1336",
          "url": "https://www.suse.com/security/cve/CVE-2018-1336"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102400 for CVE-2018-1336",
          "url": "https://bugzilla.suse.com/1102400"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-28T08:58:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-8014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable \u0027supportsCredentials\u0027 for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8014",
          "url": "https://www.suse.com/security/cve/CVE-2018-8014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1093697 for CVE-2018-8014",
          "url": "https://bugzilla.suse.com/1093697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-28T08:58:40Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-8034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8034",
          "url": "https://www.suse.com/security/cve/CVE-2018-8034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102379 for CVE-2018-8034",
          "url": "https://bugzilla.suse.com/1102379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-28T08:58:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2018-8037",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8037"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8037",
          "url": "https://www.suse.com/security/cve/CVE-2018-8037"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003579 for CVE-2018-8037",
          "url": "https://bugzilla.suse.com/1003579"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102410 for CVE-2018-8037",
          "url": "https://bugzilla.suse.com/1102410"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-admin-webapps-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-el-3_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-jsp-2_3-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-lib-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-servlet-4_0-api-9.0.10-3.7.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 15:tomcat-webapps-9.0.10-3.7.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-11-28T08:58:40Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-8037"
    }
  ]
}

SUSE-SU-2018:3261-1

Vulnerability from csaf_suse - Published: 2018-10-19 14:05 - Updated: 2018-10-19 14:05

Summary

Security update for tomcat

Severity

Moderate

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat fixes the following issues: Version update to 7.0.90: - Another bugfix release, for full details see: https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Security issues fixed: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2017-15706: As part of the fix for bug 61201, the documentation for Apache Tomcat included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.(bsc#1078677) - CVE-2018-1304: The URL pattern of \'\' (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. (bsc#1082480) - CVE-2018-1305: Security constraints defined by annotations of Servlets in Apache Tomcat were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.(bsc#1082481) - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. (bsc#1102400) - CVE-2018-8014: Fixed default settings for the CORS filter, which were insecure and enabled 'supportsCredentials' for all origins. (bsc#1093697) - CVE-2018-8034: Fixed the host name verification when using TLS with the WebSocket client, which was not enabled by default. (bsc#1102379)

Patchnames: SUSE-SLE-SERVER-12-2018-2339

CVE-2017-15706

0 (None)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact low

CVE-2018-11784

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1304

4.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1305

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1336

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2018-8014

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact low

CVE-2018-8034

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch	—	Vendor Fix

Threats

Impact moderate

References

34 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1078677	self
https://bugzilla.suse.com/1082480	self
https://bugzilla.suse.com/1082481	self
https://bugzilla.suse.com/1093697	self
https://bugzilla.suse.com/1102379	self
https://bugzilla.suse.com/1102400	self
https://bugzilla.suse.com/1110850	self
https://www.suse.com/security/cve/CVE-2017-15706/	self
https://www.suse.com/security/cve/CVE-2018-11784/	self
https://www.suse.com/security/cve/CVE-2018-1304/	self
https://www.suse.com/security/cve/CVE-2018-1305/	self
https://www.suse.com/security/cve/CVE-2018-1336/	self
https://www.suse.com/security/cve/CVE-2018-8014/	self
https://www.suse.com/security/cve/CVE-2018-8034/	self
https://www.suse.com/security/cve/CVE-2017-15706	external
https://bugzilla.suse.com/1078677	external
https://www.suse.com/security/cve/CVE-2018-11784	external
https://bugzilla.suse.com/1110850	external
https://bugzilla.suse.com/1122212	external
https://www.suse.com/security/cve/CVE-2018-1304	external
https://bugzilla.suse.com/1082480	external
https://www.suse.com/security/cve/CVE-2018-1305	external
https://bugzilla.suse.com/1082481	external
https://bugzilla.suse.com/1112097	external
https://www.suse.com/security/cve/CVE-2018-1336	external
https://bugzilla.suse.com/1102400	external
https://www.suse.com/security/cve/CVE-2018-8014	external
https://bugzilla.suse.com/1093697	external
https://www.suse.com/security/cve/CVE-2018-8034	external
https://bugzilla.suse.com/1102379	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat fixes the following issues:\n\nVersion update to 7.0.90:\n\n- Another bugfix release, for full details see:\n  https://tomcat.apache.org/tomcat-7.0-doc/changelog.html\n\nSecurity issues fixed:\n\n- CVE-2018-11784: When the default servlet in Apache Tomcat returned\n  a redirect to a directory (e.g. redirecting to \u0027/foo/\u0027 when the user\n  requested \u0027/foo\u0027) a specially crafted URL could be used to cause the\n  redirect to be generated to any URI of the attackers choice. (bsc#1110850)\n- CVE-2017-15706: As part of the fix for bug 61201, the documentation\n  for Apache Tomcat included an updated description of the search algorithm\n  used by the CGI Servlet to identify which script to execute.  The update\n  was not correct. As a result, some scripts may have failed to execute as\n  expected and other scripts may have been executed unexpectedly. Note that\n  the behaviour of the CGI servlet has remained unchanged in this regard.\n  It is only the documentation of the behaviour that was wrong and has\n  been corrected.(bsc#1078677)\n- CVE-2018-1304: The URL pattern of \\\u0027\\\u0027 (the empty string) which exactly\n  maps to the context root was not correctly handled in Apache Tomcat\n  when used as part of a security constraint definition. This caused the\n  constraint to be ignored. It was, therefore, possible for unauthorised\n  users to gain access to web application resources that should have\n  been protected.  Only security constraints with a URL pattern of the\n  empty string were affected. (bsc#1082480)\n- CVE-2018-1305: Security constraints defined by annotations of Servlets\n  in Apache Tomcat were only applied once a Servlet had been loaded. Because\n  security constraints defined in this way apply to the URL pattern and\n  any URLs below that point, it was possible - depending on the order\n  Servlets were loaded - for some security constraints not to be applied.\n  This could have exposed resources to users who were not authorised to\n  access them.(bsc#1082481)\n- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with\n  supplementary characters can lead to an infinite loop in the decoder causing\n  a Denial of Service. (bsc#1102400)\n- CVE-2018-8014: Fixed default settings for the CORS filter, which were\n  insecure and enabled \u0027supportsCredentials\u0027 for all origins. (bsc#1093697)\n- CVE-2018-8034: Fixed the host name verification when using TLS with the\n  WebSocket client, which was not enabled by default. (bsc#1102379)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-2018-2339",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3261-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3261-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183261-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3261-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004749.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1078677",
        "url": "https://bugzilla.suse.com/1078677"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1082480",
        "url": "https://bugzilla.suse.com/1082480"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1082481",
        "url": "https://bugzilla.suse.com/1082481"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1093697",
        "url": "https://bugzilla.suse.com/1093697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102379",
        "url": "https://bugzilla.suse.com/1102379"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102400",
        "url": "https://bugzilla.suse.com/1102400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1110850",
        "url": "https://bugzilla.suse.com/1110850"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15706 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15706/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-11784 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-11784/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1304 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1304/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1305 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1305/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1336 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1336/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8014 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8034 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8034/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2018-10-19T14:05:42Z",
      "generator": {
        "date": "2018-10-19T14:05:42Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3261-1",
      "initial_release_date": "2018-10-19T14:05:42Z",
      "revision_history": [
        {
          "date": "2018-10-19T14:05:42Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-admin-webapps-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-docs-webapp-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-el-2_2-api-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-javadoc-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-lib-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-lib-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-7.0.90-7.23.1.noarch",
                "product": {
                  "name": "tomcat-webapps-7.0.90-7.23.1.noarch",
                  "product_id": "tomcat-webapps-7.0.90-7.23.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-2_2-api-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-javadoc-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-lib-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-7.0.90-7.23.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        },
        "product_reference": "tomcat-webapps-7.0.90-7.23.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-15706",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15706"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15706",
          "url": "https://www.suse.com/security/cve/CVE-2017-15706"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1078677 for CVE-2017-15706",
          "url": "https://bugzilla.suse.com/1078677"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-15706"
    },
    {
      "cve": "CVE-2018-11784",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-11784"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to \u0027/foo/\u0027 when the user requested \u0027/foo\u0027) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-11784",
          "url": "https://www.suse.com/security/cve/CVE-2018-11784"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1110850 for CVE-2018-11784",
          "url": "https://bugzilla.suse.com/1110850"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122212 for CVE-2018-11784",
          "url": "https://bugzilla.suse.com/1122212"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-1304",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1304"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1304",
          "url": "https://www.suse.com/security/cve/CVE-2018-1304"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1082480 for CVE-2018-1304",
          "url": "https://bugzilla.suse.com/1082480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-1304"
    },
    {
      "cve": "CVE-2018-1305",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1305"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1305",
          "url": "https://www.suse.com/security/cve/CVE-2018-1305"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1082481 for CVE-2018-1305",
          "url": "https://bugzilla.suse.com/1082481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112097 for CVE-2018-1305",
          "url": "https://bugzilla.suse.com/1112097"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-1305"
    },
    {
      "cve": "CVE-2018-1336",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1336"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1336",
          "url": "https://www.suse.com/security/cve/CVE-2018-1336"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102400 for CVE-2018-1336",
          "url": "https://bugzilla.suse.com/1102400"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-8014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable \u0027supportsCredentials\u0027 for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8014",
          "url": "https://www.suse.com/security/cve/CVE-2018-8014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1093697 for CVE-2018-8014",
          "url": "https://bugzilla.suse.com/1093697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-8034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
          "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8034",
          "url": "https://www.suse.com/security/cve/CVE-2018-8034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102379 for CVE-2018-8034",
          "url": "https://bugzilla.suse.com/1102379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-lib-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api-7.0.90-7.23.1.noarch",
            "SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps-7.0.90-7.23.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-19T14:05:42Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-8034"
    }
  ]
}

SUSE-SU-2018:3388-1

Vulnerability from csaf_suse - Published: 2018-10-24 11:48 - Updated: 2018-10-24 11:48

Summary

Security update for tomcat

Severity

Moderate

Notes

Title of the patch: Security update for tomcat

Description of the patch: This update for tomcat to version 8.0.53 fixes the following security issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. (bsc#1110850) - CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters could have lead to an infinite loop in the decoder causing a Denial of Service (bsc#1102400) - CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default (bsc#1102379) - CVE-2018-8037: If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could have resulted in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also have resulted in a user seeing a response intended for another user (bsc#1102410) - CVE-2018-1305: Fixed late application of security constraints that can lead to resource exposure for unauthorised users (bsc#1082481). - CVE-2018-1304: Fixed incorrect handling of empty string URL in security constraints that can lead to unitended exposure of resources (bsc#1082480). - CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm that may lead to misconfiguration (bsc#1078677). - CVE-2018-8014: The defaults settings for the CORS filter were insecure and enable 'supportsCredentials' for all origins (bsc#1093697).

Patchnames: SUSE-SLE-SAP-12-SP1-2018-2433,SUSE-SLE-SERVER-12-SP1-2018-2433

CVE-2017-15706

0 (None)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact low

CVE-2018-11784

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1304

4.8 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1305

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1336

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact important

CVE-2018-8014

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact low

CVE-2018-8034

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact moderate

CVE-2018-8037

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch	—	Vendor Fix

Threats

Impact critical

References

39 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1078677	self
https://bugzilla.suse.com/1082480	self
https://bugzilla.suse.com/1082481	self
https://bugzilla.suse.com/1093697	self
https://bugzilla.suse.com/1102379	self
https://bugzilla.suse.com/1102400	self
https://bugzilla.suse.com/1102410	self
https://bugzilla.suse.com/1110850	self
https://www.suse.com/security/cve/CVE-2017-15706/	self
https://www.suse.com/security/cve/CVE-2018-11784/	self
https://www.suse.com/security/cve/CVE-2018-1304/	self
https://www.suse.com/security/cve/CVE-2018-1305/	self
https://www.suse.com/security/cve/CVE-2018-1336/	self
https://www.suse.com/security/cve/CVE-2018-8014/	self
https://www.suse.com/security/cve/CVE-2018-8034/	self
https://www.suse.com/security/cve/CVE-2018-8037/	self
https://www.suse.com/security/cve/CVE-2017-15706	external
https://bugzilla.suse.com/1078677	external
https://www.suse.com/security/cve/CVE-2018-11784	external
https://bugzilla.suse.com/1110850	external
https://bugzilla.suse.com/1122212	external
https://www.suse.com/security/cve/CVE-2018-1304	external
https://bugzilla.suse.com/1082480	external
https://www.suse.com/security/cve/CVE-2018-1305	external
https://bugzilla.suse.com/1082481	external
https://bugzilla.suse.com/1112097	external
https://www.suse.com/security/cve/CVE-2018-1336	external
https://bugzilla.suse.com/1102400	external
https://www.suse.com/security/cve/CVE-2018-8014	external
https://bugzilla.suse.com/1093697	external
https://www.suse.com/security/cve/CVE-2018-8034	external
https://bugzilla.suse.com/1102379	external
https://www.suse.com/security/cve/CVE-2018-8037	external
https://bugzilla.suse.com/1003579	external
https://bugzilla.suse.com/1102410	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tomcat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tomcat to version 8.0.53 fixes the following security issues:\n\n- CVE-2018-11784: When the default servlet in Apache Tomcat returned\n  a redirect to a directory (e.g. redirecting to \u0027/foo/\u0027 when the user\n  requested \u0027/foo\u0027) a specially crafted URL could be used to cause the\n  redirect to be generated to any URI of the attackers choice. (bsc#1110850)\n- CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with\n  supplementary characters could have lead to an infinite loop in the decoder\n  causing a Denial of Service (bsc#1102400)\n- CVE-2018-8034: The host name verification when using TLS with the WebSocket\n  client was missing. It is now enabled by default (bsc#1102379)\n- CVE-2018-8037: If an async request was completed by the application at the\n  same time as the container triggered the async timeout, a race condition\n  existed that could have resulted in a user seeing a response intended for a\n  different user. An additional issue was present in the NIO and NIO2 connectors\n  that did not correctly track the closure of the connection when an async\n  request was completed by the application and timed out by the container at the\n  same time. This could also have resulted in a user seeing a response intended\n  for another user (bsc#1102410)\n- CVE-2018-1305: Fixed late application of security constraints that can lead\n  to resource exposure for unauthorised users (bsc#1082481).\n- CVE-2018-1304: Fixed incorrect handling of empty string URL in security\n  constraints that can lead to unitended exposure of resources (bsc#1082480).\n- CVE-2017-15706: Fixed incorrect documentation of CGI Servlet search algorithm\n  that may lead to misconfiguration (bsc#1078677).\n- CVE-2018-8014: The defaults settings for the CORS filter were insecure and\n  enable \u0027supportsCredentials\u0027 for all origins (bsc#1093697).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2018-2433,SUSE-SLE-SERVER-12-SP1-2018-2433",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3388-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:3388-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183388-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:3388-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004782.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1078677",
        "url": "https://bugzilla.suse.com/1078677"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1082480",
        "url": "https://bugzilla.suse.com/1082480"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1082481",
        "url": "https://bugzilla.suse.com/1082481"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1093697",
        "url": "https://bugzilla.suse.com/1093697"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102379",
        "url": "https://bugzilla.suse.com/1102379"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102400",
        "url": "https://bugzilla.suse.com/1102400"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102410",
        "url": "https://bugzilla.suse.com/1102410"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1110850",
        "url": "https://bugzilla.suse.com/1110850"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15706 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15706/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-11784 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-11784/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1304 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1304/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1305 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1305/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1336 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1336/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8014 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8034 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8037 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8037/"
      }
    ],
    "title": "Security update for tomcat",
    "tracking": {
      "current_release_date": "2018-10-24T11:48:05Z",
      "generator": {
        "date": "2018-10-24T11:48:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:3388-1",
      "initial_release_date": "2018-10-24T11:48:05Z",
      "revision_history": [
        {
          "date": "2018-10-24T11:48:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-admin-webapps-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-admin-webapps-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-admin-webapps-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-docs-webapp-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-docs-webapp-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-docs-webapp-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-javadoc-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-javadoc-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-javadoc-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-lib-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-lib-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-lib-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "tomcat-webapps-8.0.53-10.35.1.noarch",
                "product": {
                  "name": "tomcat-webapps-8.0.53-10.35.1.noarch",
                  "product_id": "tomcat-webapps-8.0.53-10.35.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-javadoc-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-lib-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-admin-webapps-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-admin-webapps-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-docs-webapp-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-docs-webapp-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-javadoc-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-javadoc-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-lib-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-lib-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat-webapps-8.0.53-10.35.1.noarch as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch"
        },
        "product_reference": "tomcat-webapps-8.0.53-10.35.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-15706",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15706"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15706",
          "url": "https://www.suse.com/security/cve/CVE-2017-15706"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1078677 for CVE-2017-15706",
          "url": "https://bugzilla.suse.com/1078677"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-15706"
    },
    {
      "cve": "CVE-2018-11784",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-11784"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to \u0027/foo/\u0027 when the user requested \u0027/foo\u0027) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-11784",
          "url": "https://www.suse.com/security/cve/CVE-2018-11784"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1110850 for CVE-2018-11784",
          "url": "https://bugzilla.suse.com/1110850"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122212 for CVE-2018-11784",
          "url": "https://bugzilla.suse.com/1122212"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-1304",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1304"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1304",
          "url": "https://www.suse.com/security/cve/CVE-2018-1304"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1082480 for CVE-2018-1304",
          "url": "https://bugzilla.suse.com/1082480"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-1304"
    },
    {
      "cve": "CVE-2018-1305",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1305"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1305",
          "url": "https://www.suse.com/security/cve/CVE-2018-1305"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1082481 for CVE-2018-1305",
          "url": "https://bugzilla.suse.com/1082481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112097 for CVE-2018-1305",
          "url": "https://bugzilla.suse.com/1112097"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-1305"
    },
    {
      "cve": "CVE-2018-1336",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1336"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1336",
          "url": "https://www.suse.com/security/cve/CVE-2018-1336"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102400 for CVE-2018-1336",
          "url": "https://bugzilla.suse.com/1102400"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-8014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable \u0027supportsCredentials\u0027 for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8014",
          "url": "https://www.suse.com/security/cve/CVE-2018-8014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1093697 for CVE-2018-8014",
          "url": "https://bugzilla.suse.com/1093697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-8034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8034",
          "url": "https://www.suse.com/security/cve/CVE-2018-8034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102379 for CVE-2018-8034",
          "url": "https://bugzilla.suse.com/1102379"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2018-8037",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8037"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8037",
          "url": "https://www.suse.com/security/cve/CVE-2018-8037"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1003579 for CVE-2018-8037",
          "url": "https://bugzilla.suse.com/1003579"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102410 for CVE-2018-8037",
          "url": "https://bugzilla.suse.com/1102410"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:tomcat-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.53-10.35.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.53-10.35.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-24T11:48:05Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-8037"
    }
  ]
}

WID-SEC-W-2024-0528

Vulnerability from csaf_certbund - Published: 2024-02-29 23:00 - Updated: 2024-02-29 23:00

Summary

Dell Data Protection Advisor: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Data Protection Advisor ist eine Monitoring Lösung. Der Collector ist der lokale Agent.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Windows

CVE-2023-45648

Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuführen.

CVE-2023-42795

CVE-2023-41080

CVE-2023-34055

CVE-2023-28708

CVE-2023-28154

CVE-2023-22081

CVE-2023-22067

CVE-2023-22025

CVE-2023-20883

CVE-2023-20873

CVE-2023-20863

CVE-2023-20861

CVE-2022-46175

CVE-2022-41854

CVE-2022-38752

CVE-2022-38751

CVE-2022-38750

CVE-2022-38749

CVE-2022-37603

CVE-2022-37601

CVE-2022-37599

CVE-2022-31129

CVE-2022-27772

CVE-2022-25881

CVE-2022-25858

CVE-2022-22971

CVE-2022-22970

CVE-2022-22968

CVE-2022-22965

CVE-2022-22950

CVE-2021-43980

CVE-2021-33037

CVE-2021-30640

CVE-2020-5421

CVE-2020-1938

CVE-2020-1935

CVE-2020-13943

CVE-2020-13935

CVE-2020-13934

CVE-2020-11996

CVE-2019-2684

CVE-2019-17563

CVE-2019-12418

CVE-2019-10072

CVE-2019-0232

CVE-2019-0221

CVE-2019-0199

CVE-2018-8037

CVE-2018-8034

CVE-2018-8014

CVE-2018-15756

CVE-2018-1336

CVE-2018-1305

CVE-2018-1304

CVE-2018-1275

CVE-2018-1272

CVE-2018-1271

CVE-2018-1270

CVE-2018-1257

CVE-2018-1199

CVE-2018-1196

CVE-2018-11784

CVE-2018-11040

CVE-2018-11039

CVE-2017-8046

CVE-2017-7675

CVE-2017-7674

CVE-2017-5664

CVE-2017-5651

CVE-2017-5650

CVE-2017-5648

CVE-2017-5647

CVE-2017-18640

CVE-2017-12617

CVE-2016-9878

CVE-2016-8745

CVE-2016-8735

CVE-2016-6817

CVE-2016-6816

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.dell.com/support/kbdoc/000222618/dsa-2024-=	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Data Protection Advisor ist eine Monitoring L\u00f6sung. Der Collector ist der lokale Agent.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0528 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0528.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0528 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0528"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-107 vom 2024-02-29",
        "url": "https://www.dell.com/support/kbdoc/000222618/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "Dell Data Protection Advisor: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:58.480+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0528",
      "initial_release_date": "2024-02-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 19.10",
                "product": {
                  "name": "Dell Data Protection Advisor \u003c 19.10",
                  "product_id": "T033198"
                }
              }
            ],
            "category": "product_name",
            "name": "Data Protection Advisor"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-45648"
    },
    {
      "cve": "CVE-2023-42795",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-42795"
    },
    {
      "cve": "CVE-2023-41080",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-34055",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-34055"
    },
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-28154",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-28154"
    },
    {
      "cve": "CVE-2023-22081",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22081"
    },
    {
      "cve": "CVE-2023-22067",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22067"
    },
    {
      "cve": "CVE-2023-22025",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22025"
    },
    {
      "cve": "CVE-2023-20883",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20883"
    },
    {
      "cve": "CVE-2023-20873",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20873"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-20861",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2022-46175",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2022-41854",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-38751",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38750",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38749",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-27772",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-27772"
    },
    {
      "cve": "CVE-2022-25881",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-25881"
    },
    {
      "cve": "CVE-2022-25858",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-22971",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22971"
    },
    {
      "cve": "CVE-2022-22970",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22970"
    },
    {
      "cve": "CVE-2022-22968",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22968"
    },
    {
      "cve": "CVE-2022-22965",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2022-22950",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22950"
    },
    {
      "cve": "CVE-2021-43980",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-43980"
    },
    {
      "cve": "CVE-2021-33037",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-33037"
    },
    {
      "cve": "CVE-2021-30640",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-30640"
    },
    {
      "cve": "CVE-2020-5421",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-5421"
    },
    {
      "cve": "CVE-2020-1938",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-1938"
    },
    {
      "cve": "CVE-2020-1935",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-1935"
    },
    {
      "cve": "CVE-2020-13943",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13943"
    },
    {
      "cve": "CVE-2020-13935",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13935"
    },
    {
      "cve": "CVE-2020-13934",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13934"
    },
    {
      "cve": "CVE-2020-11996",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-11996"
    },
    {
      "cve": "CVE-2019-2684",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-2684"
    },
    {
      "cve": "CVE-2019-17563",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-17563"
    },
    {
      "cve": "CVE-2019-12418",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-12418"
    },
    {
      "cve": "CVE-2019-10072",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-10072"
    },
    {
      "cve": "CVE-2019-0232",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0232"
    },
    {
      "cve": "CVE-2019-0221",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0221"
    },
    {
      "cve": "CVE-2019-0199",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0199"
    },
    {
      "cve": "CVE-2018-8037",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8037"
    },
    {
      "cve": "CVE-2018-8034",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2018-8014",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-15756",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-15756"
    },
    {
      "cve": "CVE-2018-1336",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-1305",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1305"
    },
    {
      "cve": "CVE-2018-1304",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1304"
    },
    {
      "cve": "CVE-2018-1275",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1275"
    },
    {
      "cve": "CVE-2018-1272",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1272"
    },
    {
      "cve": "CVE-2018-1271",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1271"
    },
    {
      "cve": "CVE-2018-1270",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1270"
    },
    {
      "cve": "CVE-2018-1257",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1257"
    },
    {
      "cve": "CVE-2018-1199",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1199"
    },
    {
      "cve": "CVE-2018-1196",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1196"
    },
    {
      "cve": "CVE-2018-11784",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-11040",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11040"
    },
    {
      "cve": "CVE-2018-11039",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11039"
    },
    {
      "cve": "CVE-2017-8046",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-8046"
    },
    {
      "cve": "CVE-2017-7675",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-7675"
    },
    {
      "cve": "CVE-2017-7674",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-7674"
    },
    {
      "cve": "CVE-2017-5664",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5664"
    },
    {
      "cve": "CVE-2017-5651",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5651"
    },
    {
      "cve": "CVE-2017-5650",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5650"
    },
    {
      "cve": "CVE-2017-5648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5648"
    },
    {
      "cve": "CVE-2017-5647",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5647"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-12617",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-12617"
    },
    {
      "cve": "CVE-2016-9878",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-9878"
    },
    {
      "cve": "CVE-2016-8745",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-8745"
    },
    {
      "cve": "CVE-2016-8735",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-8735"
    },
    {
      "cve": "CVE-2016-6817",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-6817"
    },
    {
      "cve": "CVE-2016-6816",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-6816"
    }
  ]
}

WID-SEC-W-2024-1682

Vulnerability from csaf_certbund - Published: 2019-04-16 22:00 - Updated: 2024-07-21 22:00

Summary

Oracle Retail Applications: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Retail Allocation ist ein Verwaltungswerkzeug. Oracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud Lösungen für Abrechnung und Verwaltung in Unternehmen des Hotel- und Gaststättengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche. Oracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2014-9515

In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Confidentiality", "Integrity" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2015-9251

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2016-1000031

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2017-5533

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-1000180

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-1000613

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-11763

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-11784

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-12022

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-12023

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-1304

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-1305

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-14718

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-14719

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-14720

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-14721

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-15756

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-19360

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-19361

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-19362

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-2880

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-3120

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-3312

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-3314

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-7489

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2018-8034

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2019-2424

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2019-2558

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

CVE-2019-3772

Affected products

Known affected 16 products

Product	Identifier	Version
Oracle Retail Invoice Matching 13.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.1`	13.1
Oracle Retail Invoice Matching 14.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.0`	14
Oracle Retail MICROS 11.4 Oracle / Retail MICROS	`cpe:/a:oracle:micros:11.4`	11.4
Oracle Retail MICROS 12.1.2 Oracle / Retail MICROS	`cpe:/a:oracle:micros:12.1.2`	12.1.2
Oracle Retail MICROS 2.9.5.6 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.6`	2.9.5.6
Oracle Retail MICROS 2.9.5.7 Oracle / Retail MICROS	`cpe:/a:oracle:micros:2.9.5.7`	2.9.5.7
Oracle Retail Invoice Matching 15.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:15.0`	15
Oracle Retail Allocation 15.0.2 Oracle / Retail Allocation	`cpe:/a:oracle:retail_allocation:15.0.2`	15.0.2
Oracle Retail Invoice Matching 14.1 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:14.1`	14.1
NetApp ActiveIQ Unified Manager NetApp	`cpe:/a:netapp:active_iq_unified_manager:-`	—
Oracle Retail Xstore Point of Service 7.1 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.1`	7.1
Oracle Retail Workforce Management 1.60.9.0.0 Oracle / Retail Workforce Management	`cpe:/a:oracle:retail_workforce_management:1.60.9.0.0`	1.60.9.0.0
Oracle Retail Xstore Point of Service 7.0 Oracle / Retail Xstore Point of Service	`cpe:/a:oracle:retail_point-of-service:7.0`	7
Oracle Retail Invoice Matching 13.2 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.2`	13.2
Oracle Retail Invoice Matching 13.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:13.0`	13
Oracle Retail Invoice Matching 12.0 Oracle / Retail Invoice Matching	`cpe:/a:oracle:retail_invoice_matching:12.0`	12

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/technetwork/security-advis…	external
https://security.netapp.com/advisory/ntap-2024071…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Retail Allocation ist ein Verwaltungswerkzeug.\r\nOracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud L\u00f6sungen f\u00fcr Abrechnung und Verwaltung in Unternehmen des Hotel- und Gastst\u00e4ttengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.\r\nOracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1682 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1682.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1682 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1682"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixRAPP"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20240719-0002 vom 2024-07-19",
        "url": "https://security.netapp.com/advisory/ntap-20240719-0002/"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Retail Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-21T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:11:37.885+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1682",
      "initial_release_date": "2019-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-21T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von NetApp aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "NetApp ActiveIQ Unified Manager",
            "product": {
              "name": "NetApp ActiveIQ Unified Manager",
              "product_id": "T034125",
              "product_identification_helper": {
                "cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "15.0.2",
                "product": {
                  "name": "Oracle Retail Allocation 15.0.2",
                  "product_id": "T014004",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_allocation:15.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Retail Allocation"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12",
                "product": {
                  "name": "Oracle Retail Invoice Matching 12.0",
                  "product_id": "T001982",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:12.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13",
                "product": {
                  "name": "Oracle Retail Invoice Matching 13.0",
                  "product_id": "T001985",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:13.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.2",
                "product": {
                  "name": "Oracle Retail Invoice Matching 13.2",
                  "product_id": "T001987",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:13.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14",
                "product": {
                  "name": "Oracle Retail Invoice Matching 14.0",
                  "product_id": "T004005",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:14.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.1",
                "product": {
                  "name": "Oracle Retail Invoice Matching 13.1",
                  "product_id": "T004011",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:13.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "15",
                "product": {
                  "name": "Oracle Retail Invoice Matching 15.0",
                  "product_id": "T012089",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:15.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.1",
                "product": {
                  "name": "Oracle Retail Invoice Matching 14.1",
                  "product_id": "T014012",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_invoice_matching:14.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Retail Invoice Matching"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.9.5.6",
                "product": {
                  "name": "Oracle Retail MICROS 2.9.5.6",
                  "product_id": "T014005",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:micros:2.9.5.6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.9.5.7",
                "product": {
                  "name": "Oracle Retail MICROS 2.9.5.7",
                  "product_id": "T014006",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:micros:2.9.5.7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.4",
                "product": {
                  "name": "Oracle Retail MICROS 11.4",
                  "product_id": "T014007",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:micros:11.4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1.2",
                "product": {
                  "name": "Oracle Retail MICROS 12.1.2",
                  "product_id": "T014008",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:micros:12.1.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Retail MICROS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.60.9.0.0",
                "product": {
                  "name": "Oracle Retail Workforce Management 1.60.9.0.0",
                  "product_id": "T014013",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_workforce_management:1.60.9.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Retail Workforce Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7",
                "product": {
                  "name": "Oracle Retail Xstore Point of Service 7.0",
                  "product_id": "T012096",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_point-of-service:7.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.1",
                "product": {
                  "name": "Oracle Retail Xstore Point of Service 7.1",
                  "product_id": "T012099",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:retail_point-of-service:7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Retail Xstore Point of Service"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-9515",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-9515"
    },
    {
      "cve": "CVE-2015-9251",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2015-9251"
    },
    {
      "cve": "CVE-2016-1000031",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1000031"
    },
    {
      "cve": "CVE-2017-5533",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5533"
    },
    {
      "cve": "CVE-2018-1000180",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000180"
    },
    {
      "cve": "CVE-2018-1000613",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000613"
    },
    {
      "cve": "CVE-2018-11763",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11763"
    },
    {
      "cve": "CVE-2018-11784",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-12022",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-12022"
    },
    {
      "cve": "CVE-2018-12023",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-12023"
    },
    {
      "cve": "CVE-2018-1304",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1304"
    },
    {
      "cve": "CVE-2018-1305",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1305"
    },
    {
      "cve": "CVE-2018-14718",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-14718"
    },
    {
      "cve": "CVE-2018-14719",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-14719"
    },
    {
      "cve": "CVE-2018-14720",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-14720"
    },
    {
      "cve": "CVE-2018-14721",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-14721"
    },
    {
      "cve": "CVE-2018-15756",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-15756"
    },
    {
      "cve": "CVE-2018-19360",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-19360"
    },
    {
      "cve": "CVE-2018-19361",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-19361"
    },
    {
      "cve": "CVE-2018-19362",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-19362"
    },
    {
      "cve": "CVE-2018-2880",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-2880"
    },
    {
      "cve": "CVE-2018-3120",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3120"
    },
    {
      "cve": "CVE-2018-3312",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3312"
    },
    {
      "cve": "CVE-2018-3314",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3314"
    },
    {
      "cve": "CVE-2018-7489",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-7489"
    },
    {
      "cve": "CVE-2018-8034",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2019-2424",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-2424"
    },
    {
      "cve": "CVE-2019-2558",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-2558"
    },
    {
      "cve": "CVE-2019-3772",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T004011",
          "T004005",
          "T014007",
          "T014008",
          "T014005",
          "T014006",
          "T012089",
          "T014004",
          "T014012",
          "T034125",
          "T012099",
          "T014013",
          "T012096",
          "T001987",
          "T001985",
          "T001982"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-3772"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8034 (GCVE-0-2018-8034)

SUSE-SU-2018:2699-1

SUSE-SU-2018:3011-1

SUSE-SU-2018:3261-1

SUSE-SU-2018:3388-1

WID-SEC-W-2024-0528

WID-SEC-W-2024-1682

Tags

Sightings

Nomenclature