Added |
CVSS V3 |
|
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
Added |
CVSS V2 |
|
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
|
Added |
CWE |
|
CWE-601
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 7.0.23 up to (including) 7.0.90
*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 8.5.0 up to (including) 8.5.33
*cpe:2.3:a:apache:tomcat:9.0.0:*:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m10:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m11:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m12:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m13:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m14:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m15:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m16:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m17:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m18:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m19:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m20:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m21:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m22:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m23:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m24:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m25:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m26:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m27:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m8:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:9.0.0:m9:*:*:*:*:*:*
*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from (including) 9.0.1 up to (including) 9.0.11
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
*cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
|
Added |
CPE Configuration |
|
OR
*cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
|
Changed |
Reference Type |
http://www.securityfocus.com/bid/105524 No Types Assigned
|
http://www.securityfocus.com/bid/105524 Third Party Advisory, VDB Entry
|
Changed |
Reference Type |
https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E No Types Assigned
|
https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E Mailing List, Vendor Advisory
|
Changed |
Reference Type |
https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html No Types Assigned
|
https://lists.debian.org/debian-lts-announce/2018/10/msg00005.html Third Party Advisory
|
Changed |
Reference Type |
https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html No Types Assigned
|
https://lists.debian.org/debian-lts-announce/2018/10/msg00006.html Third Party Advisory
|
Changed |
Reference Type |
https://security.netapp.com/advisory/ntap-20181014-0002/ No Types Assigned
|
https://security.netapp.com/advisory/ntap-20181014-0002/ Third Party Advisory
|
Changed |
Reference Type |
https://usn.ubuntu.com/3787-1/ No Types Assigned
|
https://usn.ubuntu.com/3787-1/ Third Party Advisory
|
Added |
CVSS V2 Metadata |
|
Victim must voluntarily interact with attack mechanism
|