NVD - CVE-2018-8034

Vulnerability Change Records for CVE-2018-8034

Change History

Initial Analysis by NIST 10/10/2018 3:01:16 PM

Action	Type	Old Value	New Value
Added	CVSS V3		AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Added	CVSS V2		(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Added	CWE		CWE-295
Added	CPE Configuration		OR cpe:2.3:a:apache:tomcat::::::::* versions from (including) 7.0.35 up to (including) 7.0.88. cpe:2.3:a:apache:tomcat::::::::* versions from (including) 8.0.0 up to (including) 8.0.52 cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc4::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc6::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc7::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc8::::::* cpe:2.3:a:apache:tomcat:8.0.0:rc9::::::* cpe:2.3:a:apache:tomcat::::::::* versions from (including) 8.5.0 up to (including) 8.5.31 cpe:2.3:a:apache:tomcat:9.0.0:m1::::::* cpe:2.3:a:apache:tomcat:9.0.0:m10::::::* cpe:2.3:a:apache:tomcat:9.0.0:m11::::::* cpe:2.3:a:apache:tomcat:9.0.0:m12::::::* cpe:2.3:a:apache:tomcat:9.0.0:m13::::::* cpe:2.3:a:apache:tomcat:9.0.0:m14::::::* cpe:2.3:a:apache:tomcat:9.0.0:m15::::::* cpe:2.3:a:apache:tomcat:9.0.0:m16::::::* cpe:2.3:a:apache:tomcat:9.0.0:m17::::::* cpe:2.3:a:apache:tomcat:9.0.0:m18::::::* cpe:2.3:a:apache:tomcat:9.0.0:m19::::::* cpe:2.3:a:apache:tomcat:9.0.0:m2::::::* cpe:2.3:a:apache:tomcat:9.0.0:m20::::::* cpe:2.3:a:apache:tomcat:9.0.0:m21::::::* cpe:2.3:a:apache:tomcat:9.0.0:m22::::::* cpe:2.3:a:apache:tomcat:9.0.0:m23::::::* cpe:2.3:a:apache:tomcat:9.0.0:m24::::::* cpe:2.3:a:apache:tomcat:9.0.0:m25::::::* cpe:2.3:a:apache:tomcat:9.0.0:m26::::::* cpe:2.3:a:apache:tomcat:9.0.0:m27::::::* cpe:2.3:a:apache:tomcat:9.0.0:m3::::::* cpe:2.3:a:apache:tomcat:9.0.0:m4::::::* cpe:2.3:a:apache:tomcat:9.0.0:m5::::::* cpe:2.3:a:apache:tomcat:9.0.0:m6::::::* cpe:2.3:a:apache:tomcat:9.0.0:m7::::::* cpe:2.3:a:apache:tomcat:9.0.0:m8::::::* cpe:2.3:a:apache:tomcat:9.0.0:m9::::::* cpe:2.3:a:apache:tomcat::::::::* versions from (including) 9.0.1 up to (including) 9.0.9
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::* cpe:2.3:o:debian:debian_linux:8.0::::::: cpe:2.3:o:debian:debian_linux:9.0:::::::
Changed	Reference Type	http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E No Types Assigned	http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722091057.GA70283@minotaur.apache.org%3E Mailing List, Vendor Advisory
Changed	Reference Type	http://www.securityfocus.com/bid/104895 No Types Assigned	http://www.securityfocus.com/bid/104895 Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.securitytracker.com/id/1041374 No Types Assigned	http://www.securitytracker.com/id/1041374 Third Party Advisory, VDB Entry
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2018/07/msg00047.html Third Party Advisory
Changed	Reference Type	https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html No Types Assigned	https://lists.debian.org/debian-lts-announce/2018/09/msg00001.html Third Party Advisory
Changed	Reference Type	https://security.netapp.com/advisory/ntap-20180817-0001/ No Types Assigned	https://security.netapp.com/advisory/ntap-20180817-0001/ Third Party Advisory
Changed	Reference Type	https://usn.ubuntu.com/3723-1/ No Types Assigned	https://usn.ubuntu.com/3723-1/ Third Party Advisory
Changed	Reference Type	https://www.debian.org/security/2018/dsa-4281 No Types Assigned	https://www.debian.org/security/2018/dsa-4281 Third Party Advisory