CVE-2018-1304

Published: Feb 28, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

Affected (49)

Products: Apache: Tomcat · Redhat: Jboss Enterprise Application Platform, Jboss Enterprise Web Server, Jboss Middleware · Debian: Debian Linux · +2 more

Show all products

Apache: Tomcat · Redhat: Jboss Enterprise Application Platform, Jboss Enterprise Web Server, Jboss Middleware · Debian: Debian Linux · Canonical: Ubuntu Linux · Oracle: Fusion Middleware, Hospitality Guest Access, Micros Relate Crm Software, Secure Global Desktop

Apache

1 product

Tomcat

Redhat

3 products

Jboss Enterprise Application Platform

Jboss Enterprise Web Server

1 product

1 product

4 products

Hospitality Guest Access

Micros Relate Crm Software

Secure Global Desktop

Configuration A

32 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	From 7.0.0 to 7.0.84
Apache Tomcat	From 8.0.0 to 8.0.49
Apache Tomcat	From 8.5.0 to 8.5.27
Apache Tomcat	From 9.0.0 to 9.0.4
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 9.0.0 milestone10
Apache Tomcat	Version 9.0.0 milestone11
Apache Tomcat	Version 9.0.0 milestone12
Apache Tomcat	Version 9.0.0 milestone13
Apache Tomcat	Version 9.0.0 milestone14
Apache Tomcat	Version 9.0.0 milestone15
Apache Tomcat	Version 9.0.0 milestone16
Apache Tomcat	Version 9.0.0 milestone17
Apache Tomcat	Version 9.0.0 milestone18
Apache Tomcat	Version 9.0.0 milestone19
Apache Tomcat	Version 9.0.0 milestone1
Apache Tomcat	Version 9.0.0 milestone20
Apache Tomcat	Version 9.0.0 milestone21
Apache Tomcat	Version 9.0.0 milestone22
Apache Tomcat	Version 9.0.0 milestone23
Apache Tomcat	Version 9.0.0 milestone24
Apache Tomcat	Version 9.0.0 milestone25
Apache Tomcat	Version 9.0.0 milestone26
Apache Tomcat	Version 9.0.0 milestone27
Apache Tomcat	Version 9.0.0 milestone2
Apache Tomcat	Version 9.0.0 milestone3
Apache Tomcat	Version 9.0.0 milestone4
Apache Tomcat	Version 9.0.0 milestone5
Apache Tomcat	Version 9.0.0 milestone6
Apache Tomcat	Version 9.0.0 milestone7
Apache Tomcat	Version 9.0.0 milestone8
Apache Tomcat	Version 9.0.0 milestone9

Configuration B

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 6.4
Redhat Jboss Enterprise Application Platform	Version 6
Redhat Jboss Enterprise Web Server	Version 3.0.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 17.10
Canonical Ubuntu Linux	Version 18.04

Configuration E

6 vulnerable

Vulnerable Software	Affected Versions
Oracle Fusion Middleware	Version 12.2.1.3.0
Oracle Hospitality Guest Access	Version 4.2.0
Oracle Hospitality Guest Access	Version 4.2.1
Oracle Micros Relate Crm Software	Version 11.4
Oracle Secure Global Desktop	Version 5.3
Oracle Secure Global Desktop	Version 5.4

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Middleware	Version 1

References (80)

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: security@apache.org

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Source: security@apache.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/103170

Source: security@apache.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040427

Source: security@apache.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:0465

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:0466

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1320

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1447

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1448

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1449

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1450

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:1451

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2939

Source: security@apache.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2205

Source: security@apache.org

https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html

Source: security@apache.org

Issue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20180706-0001/

Source: security@apache.org

PatchThird Party Advisory

https://usn.ubuntu.com/3665-1/

Source: security@apache.org

Third Party Advisory

https://www.debian.org/security/2018/dsa-4281

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: security@apache.org

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Source: security@apache.org

PatchThird Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Source: security@apache.org

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html