Description
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
Release | Status | Note |
---|---|---|
artful | not-affected | 7.0.78-1 |
bionic | not-affected | 7.0.78-1 |
cosmic | not-affected | 7.0.78-1 |
devel | DNE | |
disco | DNE | |
eoan | DNE | |
esm-apps/bionic | not-affected | 7.0.78-1 |
esm-apps/xenial | needed | |
esm-infra-legacy/trusty | not-affected | 7.0.52-1ubuntu0.13 |
esm-infra/focal | DNE | |

Release | Status | Note |
---|---|---|
artful | not-affected | 8.5.21-1 |
bionic | not-affected | 8.5.21-1 |
cosmic | not-affected | 8.5.21-1 |
devel | DNE | |
disco | DNE | |
eoan | DNE | |
esm-apps/bionic | not-affected | 8.5.21-1 |
esm-infra-legacy/trusty | DNE | |
esm-infra/focal | DNE | |
esm-infra/xenial | not-affected | 8.0.32-1ubuntu1.5 |
EPSS
CVSS2: 4.3 Medium
CVSS3: 4.3 Medium
Related vulnerabilities
Insufficient Verification of Data Authenticity in Apache Tomcat
Vulnerability in the CORS filter of the Apache Tomcat application server that allows an attacker to poison the client and server under certain circumstances