CVE-2018-1304 - Vulnerability Details

- tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources

Description

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.

Published: 2018-02-28

Score: 5.9 Medium

EPSS: 2.1% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache Tomcat

affected

Version	Status	Constraints
`Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone21::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone22::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone23::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone24::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone25::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone26::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone27::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 5 [-]

OR	cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:::::::*
	cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:::::::*
	cpe:2.3:a:oracle:micros_relate_crm_software:11.4:::::::*
	cpe:2.3:a:oracle:secure_global_desktop:5.3:::::::*
	cpe:2.3:a:oracle:secure_global_desktop:5.4:::::::*

Configuration 6 [-]

cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
tomcat-0:7.0.76-9.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:2205	2019-08-06T00:00:00Z
Red Hat Fuse Intergration Services 2.0 based on Fuse 6.3 R8
	cpe:/a:redhat:jboss_fuse:6.3	RHSA-2018:2939	2018-10-17T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
jbossweb	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2018:1447	2018-05-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5
codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2018:1450	2018-05-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1449	2018-05-14T00:00:00Z
jboss-ec2-eap-0:7.5.20-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2018:1451	2018-05-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2018:1448	2018-05-14T00:00:00Z
Red Hat JBoss Web Server 3.1
	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2018:0465	2018-03-07T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat7-0:7.0.70-25.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat8-0:8.0.36-29.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat-native-0:1.2.8-11.redhat_11.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6	RHSA-2018:0466	2018-03-07T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat7-0:7.0.70-25.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat8-0:8.0.36-29.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat-native-0:1.2.8-11.redhat_11.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2018:0466	2018-03-07T00:00:00Z
tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2018:0466	2018-03-07T00:00:00Z
Red Hat Openshift Application Runtimes
	cpe:/a:redhat:openshift_application_runtimes:1.0	RHSA-2018:1320	2018-05-03T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-1301-1	tomcat7 security update
Debian DLA	DLA-1400-1	tomcat7 security update
Debian DLA	DLA-1450-1	tomcat8 security update
Debian DSA	DSA-4281-1	tomcat8 security update
EUVD	EUVD-2018-0522	The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
Github GHSA	GHSA-6rxj-58jh-436r	Apache Tomcat unauthorized access vulnerability
Ubuntu USN	USN-3665-1	Tomcat vulnerabilities

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.02075.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/103170
http://www.securitytracker.com/id/1040427
https://access.redhat.com/errata/RHSA-2018:0465
https://access.redhat.com/errata/RHSA-2018:0466
https://access.redhat.com/errata/RHSA-2018:1320
https://access.redhat.com/errata/RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:2939
https://access.redhat.com/errata/RHSA-2019:2205
https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1304
https://security.netapp.com/advisory/ntap-20180706-0001/
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28
https://usn.ubuntu.com/3665-1/
https://www.cve.org/CVERecord?id=CVE-2018-1304
https://www.debian.org/security/2018/dsa-4281
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

History

No history.

Subscriptions

Apache Tomcat

Canonical Ubuntu Linux

Debian Debian Linux

Oracle Fusion Middleware Hospitality Guest Access Micros Relate Crm Software Secure Global Desktop

Redhat Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server Jboss Fuse Jboss Middleware Openshift Application Runtimes

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-02-28T20:00:00.000Z

Updated: 2024-09-17T01:35:47.135Z

Reserved: 2017-12-07T00:00:00.000Z

Link: CVE-2018-1304

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-28T20:29:00.227

Modified: 2024-11-21T03:59:35.043

Link: CVE-2018-1304

Redhat

Severity : Moderate

Publid Date: 2018-01-31T00:00:00Z

Links: CVE-2018-1304 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object