2018-02-28 21:29:00 2019-10-03 02:03:26

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
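A way to check a deployment against the condition described above, as an added example that is not part of the original advisory or Tomcat's own code: it flags security constraints in a `web.xml` whose URL pattern is the empty string and compares the running Tomcat version with the affected ranges quoted in the description. The function names, the sample descriptor and the version string passed in are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges exactly as given in the description above (inclusive).
AFFECTED = [("9.0.0.M1", "9.0.4"), ("8.5.0", "8.5.27"),
            ("8.0.0.RC1", "8.0.49"), ("7.0.0", "7.0.84")]

# Constructed sample descriptor: one constraint on "" and one on a normal path.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>context-root</web-resource-name><url-pattern></url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name><url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def version_key(v):
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]?(M|RC)(\d+))?", v.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    pre = (0, int(m[5])) if m[4] else (1, 0)  # milestone/RC sorts before final release
    return (int(m[1]), int(m[2]), int(m[3])) + pre

def version_affected(v):
    k = version_key(v)
    return any(version_key(lo) <= k <= version_key(hi) for lo, hi in AFFECTED)

def _all(node, name):
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]  # namespace-agnostic

def empty_pattern_constraints(web_xml):
    """Names of constraints using the empty-string URL pattern (whitespace-only counted too)."""
    hits = []
    for i, sc in enumerate(_all(ET.fromstring(web_xml), "security-constraint"), 1):
        names = [e.text for e in _all(sc, "web-resource-name")]
        if any((e.text or "").strip() == "" for e in _all(sc, "url-pattern")):
            hits.append(names[0] if names else f"constraint #{i}")
    return hits

def audit(web_xml, tomcat_version):
    names = empty_pattern_constraints(web_xml)
    return {"constraints": names, "exposed": bool(names) and version_affected(tomcat_version)}
```

`audit(SAMPLE_WEB_XML, "8.5.27")` reports the `context-root` constraint as exposed; the same descriptor on a version outside the listed ranges is not, and a descriptor with no empty-string pattern is never flagged.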

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Redhat Jboss middleware 1 (not an official CPE) Redhat Jboss enterprise web server 3.0.0 (not an official CPE) Redhat Jboss enterprise application platform 6.4 (not an official CPE) Redhat Jboss enterprise application platform 6 (not an official CPE) Oracle Secure global desktop 5.4 (not an official CPE) Oracle Secure global desktop 5.3 (not an official CPE) Oracle Micros relate crm software 11.4 (not an official CPE) Oracle Hospitality guest access 4.2.1 (not an official CPE) Oracle Hospitality guest access 4.2.0 (not an official CPE) Oracle Fusion middleware 12.2.1.3.0 (not an official CPE) Apache Tomcat 9.0.4 (not an official CPE) Apache Tomcat 9.0.3 (not an official CPE) Apache Tomcat 9.0.2 (not an official CPE) Apache Tomcat 9.0.1 (not an official CPE) Apache Tomcat 9.0.0 M9 (not an official CPE) Apache Tomcat 9.0.0 M8 (not an official CPE) Apache Tomcat 9.0.0 M7 (not an official CPE) Apache Tomcat 9.0.0 M6 (not an official CPE) Apache Tomcat 9.0.0 M5 (not an official CPE) Apache Tomcat 9.0.0 M4 (not an official CPE) Apache Tomcat 9.0.0 M3 (not an official CPE) Apache Tomcat 9.0.0 M27 (not an official CPE) Apache Tomcat 9.0.0 M26 (not an official CPE) Apache Tomcat 9.0.0 M25 (not an official CPE) Apache Tomcat 9.0.0 M24 (not an official CPE) Apache Tomcat 9.0.0 M23 (not an official CPE) Apache Tomcat 9.0.0 M22 (not an official CPE) Apache Tomcat 9.0.0 M21 (not an official CPE) Apache Tomcat 9.0.0 M20 (not an official CPE) Apache Tomcat 9.0.0 M2 (not an official CPE) Apache Tomcat 9.0.0 M19 (not an official CPE) Apache Tomcat 9.0.0 M18 (not an official CPE) Apache Tomcat 9.0.0 M17 (not an official CPE) Apache Tomcat 9.0.0 M16 (not an official CPE) Apache Tomcat 9.0.0 M15 (not an official CPE) Apache Tomcat 9.0.0 M14 (not an official CPE) Apache Tomcat 9.0.0 M13 (not an official CPE) Apache Tomcat 9.0.0 M12 (not an official CPE) Apache Tomcat 9.0.0 M11 (not an official CPE) Apache Tomcat 9.0.0 M10 (not an official CPE) Apache Tomcat 9.0.0 M1 (not an official 
CPE) Apache Tomcat 8.5.27 (not an official CPE) Apache Tomcat 8.5.26 (not an official CPE) Apache Tomcat 8.5.25 (not an official CPE) Apache Tomcat 8.5.24 (not an official CPE) Apache Tomcat 8.5.23 (not an official CPE) Apache Tomcat 8.5.22 (not an official CPE) Apache Tomcat 8.5.21 (not an official CPE) Apache Tomcat 8.5.20 (not an official CPE) Apache Tomcat 8.5.19 (not an official CPE) Apache Tomcat 8.5.18 (not an official CPE) Apache Tomcat 8.5.17 (not an official CPE) Apache Tomcat 8.5.16 (not an official CPE) Apache Tomcat 8.5.15 (not an official CPE) Apache Tomcat 8.5.14 (not an official CPE) Apache Tomcat 8.5.13 (not an official CPE) Apache Tomcat 8.5.12 (not an official CPE) Apache Tomcat 8.5.11 (not an official CPE) Apache Tomcat 8.5.10 (not an official CPE) Apache Tomcat 8.5.9 (not an official CPE) Apache Tomcat 8.5.8 (not an official CPE) Apache Tomcat 8.5.7 (not an official CPE) Apache Tomcat 8.5.6 (not an official CPE) Apache Tomcat 8.5.5 (not an official CPE) Apache Tomcat 8.5.4 (not an official CPE) Apache Tomcat 8.5.3 (not an official CPE) Apache Tomcat 8.5.2 (not an official CPE) Apache Tomcat 8.5.1 (not an official CPE) Apache Tomcat 8.5.0 (not an official CPE) Apache Tomcat 8.0.49 (not an official CPE) Apache Tomcat 8.0.48 (not an official CPE) Apache Tomcat 8.0.47 (not an official CPE) Apache Tomcat 8.0.46 (not an official CPE) Apache Tomcat 8.0.45 (not an official CPE) Apache Tomcat 8.0.44 (not an official CPE) Apache Tomcat 8.0.43 (not an official CPE) Apache Tomcat 8.0.42 (not an official CPE) Apache Tomcat 8.0.41 (not an official CPE) Apache Tomcat 8.0.40 (not an official CPE) Apache Tomcat 8.0.39 (not an official CPE) Apache Tomcat 8.0.38 (not an official CPE) Apache Tomcat 8.0.37 (not an official CPE) Apache Tomcat 8.0.36 (not an official CPE) Apache Tomcat 8.0.35 (not an official CPE) Apache Tomcat 8.0.34 (not an official CPE) Apache Tomcat 8.0.33 (not an official CPE) Apache Tomcat 8.0.32 (not an official CPE) Apache Tomcat 8.0.31 (not 
an official CPE) Apache Tomcat 8.0.30 (not an official CPE) Apache Tomcat 8.0.29 (not an official CPE) Apache Tomcat 8.0.28 (not an official CPE) Apache Tomcat 8.0.27 (not an official CPE) Apache Tomcat 8.0.26 (not an official CPE) Apache Tomcat 8.0.25 (not an official CPE) Apache Tomcat 8.0.24 (not an official CPE) Apache Tomcat 8.0.23 (not an official CPE) Apache Tomcat 8.0.22 (not an official CPE) Apache Tomcat 8.0.21 (not an official CPE) Apache Tomcat 8.0.20 (not an official CPE) Apache Tomcat 8.0.19 (not an official CPE) Apache Tomcat 8.0.18 (not an official CPE) Apache Tomcat 8.0.17 (not an official CPE) Apache Tomcat 8.0.16 (not an official CPE) Apache Software Foundation Tomcat 8.0.15 Apache Software Foundation Tomcat 8.0.14 Apache Tomcat 8.0.13 (not an official CPE) Apache Software Foundation Tomcat 8.0.12 Apache Software Foundation Tomcat 8.0.11 Apache Tomcat 8.0.10 (not an official CPE) Apache Software Foundation Tomcat 8.0.9 Apache Tomcat 8.0.8 (not an official CPE) Apache Tomcat 8.0.7 (not an official CPE) Apache Tomcat 8.0.6 (not an official CPE) Apache Tomcat 8.0.5 (not an official CPE) Apache Tomcat 8.0.4 (not an official CPE) Apache Tomcat 8.0.3 (not an official CPE) Apache Tomcat 8.0.2 (not an official CPE) Apache Software Foundation Tomcat 8.0.1 Apache Software Foundation Tomcat 8.0.0 release candidate 5 Apache Software Foundation Tomcat 8.0.0 Release Candidate 2 Apache Software Foundation Tomcat 8.0.0 release candidate 10 Apache Software Foundation Tomcat 8.0.0 Release Candidate 1 Apache Tomcat 7.0.84 (not an official CPE) Apache Tomcat 7.0.83 (not an official CPE) Apache Tomcat 7.0.82 (not an official CPE) Apache Tomcat 7.0.81 (not an official CPE) Apache Tomcat 7.0.80 (not an official CPE) Apache Tomcat 7.0.79 (not an official CPE) Apache Tomcat 7.0.78 (not an official CPE) Apache Tomcat 7.0.77 (not an official CPE) Apache Tomcat 7.0.76 (not an official CPE) Apache Tomcat 7.0.75 (not an official CPE) Apache Tomcat 7.0.74 (not an official CPE) 
Apache Tomcat 7.0.73 (not an official CPE) Apache Tomcat 7.0.72 (not an official CPE) Apache Tomcat 7.0.71 (not an official CPE) Apache Tomcat 7.0.70 (not an official CPE) Apache Tomcat 7.0.69 (not an official CPE) Apache Tomcat 7.0.68 (not an official CPE) Apache Tomcat 7.0.67 (not an official CPE) Apache Tomcat 7.0.66 (not an official CPE) Apache Tomcat 7.0.65 (not an official CPE) Apache Tomcat 7.0.64 (not an official CPE) Apache Tomcat 7.0.63 (not an official CPE) Apache Tomcat 7.0.62 (not an official CPE) Apache Tomcat 7.0.61 (not an official CPE) Apache Tomcat 7.0.60 (not an official CPE) Apache Tomcat 7.0.59 (not an official CPE) Apache Tomcat 7.0.58 (not an official CPE) Apache Software Foundation Tomcat 7.0.57 Apache Software Foundation Tomcat 7.0.56 Apache Software Foundation Tomcat 7.0.55 Apache Software Foundation Tomcat 7.0.54 Apache Tomcat 7.0.53 (not an official CPE) Apache Tomcat 7.0.52 (not an official CPE) Apache Tomcat 7.0.51 (not an official CPE) Apache Software Foundation Tomcat 7.0.48 Apache Software Foundation Tomcat 7.0.50 Apache Software Foundation Tomcat 7.0.49 Apache Software Foundation Tomcat 7.0.47 Apache Software Foundation Tomcat 7.0.46 Apache Software Foundation Tomcat 7.0.45 Apache Software Foundation Tomcat 7.0.42 Apache Software Foundation Tomcat 7.0.44 Apache Software Foundation Tomcat 7.0.43 Apache Software Foundation Tomcat 7.0.41 Apache Software Foundation Tomcat 7.0.40 Apache Software Foundation Tomcat 7.0.39 Apache Software Foundation Tomcat 7.0.38 Apache Software Foundation Tomcat 7.0.37 Apache Software Foundation Tomcat 7.0.36 Apache Software Foundation Tomcat 7.0.35 Apache Software Foundation Tomcat 7.0.34 Apache Software Foundation Tomcat 7.0.33 Apache Software Foundation Tomcat 7.0.32 Apache Software Foundation Tomcat 7.0.31 Apache Software Foundation Tomcat 7.0.30 Apache Software Foundation Tomcat 7.0.29 Apache Software Foundation Tomcat 7.0.28 Apache Software Foundation Tomcat 7.0.27 Apache Software Foundation Tomcat 
7.0.26 Apache Software Foundation Tomcat 7.0.25 Apache Software Foundation Tomcat 7.0.24 Apache Software Foundation Tomcat 7.0.23 Apache Software Foundation Tomcat 7.0.22 Apache Software Foundation Tomcat 7.0.21 Apache Software Foundation Tomcat 7.0.20 Apache Software Foundation Tomcat 7.0.19 Apache Software Foundation Tomcat 7.0.18 Apache Software Foundation Tomcat 7.0.17 Apache Software Foundation Tomcat 7.0.16 Apache Software Foundation Tomcat 7.0.15 Apache Software Foundation Tomcat 7.0.14 Apache Software Foundation Tomcat 7.0.13 Apache Software Foundation Tomcat 7.0.12 Apache Software Foundation Tomcat 7.0.11 Apache Software Foundation Tomcat 7.0.10 Apache Software Foundation Tomcat 7.0.9 Apache Software Foundation Tomcat 7.0.8 Apache Software Foundation Tomcat 7.0.7 Apache Software Foundation Tomcat 7.0.6 Apache Tomcat 7.0.5 Beta (not an official CPE) Apache Software Foundation Tomcat 7.0.5 Apache Software Foundation Tomcat 7.0.4 beta Apache Software Foundation Tomcat 7.0.4 Apache Software Foundation Tomcat 7.0.3 Apache Software Foundation Tomcat 7.0.2 beta Apache Software Foundation Tomcat 7.0.2 Apache Software Foundation Tomcat 7.0.1 Apache Software Foundation Tomcat 7.0.0 beta Apache Software Foundation Tomcat 7.0.0