2017-08-11 04:29:00 2019-06-12 19:29:00

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Apache Tomcat 9.0.0 M9 (not an official CPE) Apache Tomcat 9.0.0 M8 (not an official CPE) Apache Tomcat 9.0.0 M7 (not an official CPE) Apache Tomcat 9.0.0 M6 (not an official CPE) Apache Tomcat 9.0.0 M5 (not an official CPE) Apache Tomcat 9.0.0 M4 (not an official CPE) Apache Tomcat 9.0.0 M3 (not an official CPE) Apache Tomcat 9.0.0 M21 (not an official CPE) Apache Tomcat 9.0.0 M20 (not an official CPE) Apache Tomcat 9.0.0 M2 (not an official CPE) Apache Tomcat 9.0.0 M19 (not an official CPE) Apache Tomcat 9.0.0 M18 (not an official CPE) Apache Tomcat 9.0.0 M17 (not an official CPE) Apache Tomcat 9.0.0 M16 (not an official CPE) Apache Tomcat 9.0.0 M15 (not an official CPE) Apache Tomcat 9.0.0 M14 (not an official CPE) Apache Tomcat 9.0.0 M13 (not an official CPE) Apache Tomcat 9.0.0 M12 (not an official CPE) Apache Tomcat 9.0.0 M11 (not an official CPE) Apache Tomcat 9.0.0 M10 (not an official CPE) Apache Tomcat 9.0.0 M1 (not an official CPE) Apache Tomcat 8.5.15 (not an official CPE) Apache Tomcat 8.5.14 (not an official CPE) Apache Tomcat 8.5.13 (not an official CPE) Apache Tomcat 8.5.9 (not an official CPE) Apache Tomcat 8.5.10 (not an official CPE) Apache Tomcat 8.5.11 (not an official CPE) Apache Tomcat 8.5.12 (not an official CPE) Apache Tomcat 8.5.8 (not an official CPE) Apache Tomcat 8.5.7 (not an official CPE) Apache Tomcat 8.5.6 (not an official CPE) Apache Tomcat 8.5.5 (not an official CPE) Apache Tomcat 8.5.4 (not an official CPE) Apache Tomcat 8.5.3 (not an official CPE) Apache Tomcat 8.5.2 (not an official CPE) Apache Tomcat 8.5.1 (not an official CPE) Apache Tomcat 8.5.0 (not an official CPE)