Количество 43
Количество 43
RLSA-2019:1529
Important: pki-deps:10.6 security update
ELSA-2019-1529
ELSA-2019-1529: pki-deps:10.6 security update (IMPORTANT)
SUSE-SU-2018:3388-1
Security update for tomcat
openSUSE-SU-2018:3054-1
Security update for tomcat
openSUSE-SU-2018:2740-1
Security update for tomcat
SUSE-SU-2018:3011-2
Security update for tomcat
SUSE-SU-2018:3011-1
Security update for tomcat
SUSE-SU-2018:2699-1
Security update for tomcat
SUSE-SU-2018:3261-1
Security update for tomcat
ELSA-2019-2205
ELSA-2019-2205: tomcat security, bug fix, and enhancement update (MODERATE)
CVE-2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
CVE-2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
CVE-2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
CVE-2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9. ...
GHSA-r4x2-3cq5-hqvp
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
BDU:2019-00094
Уязвимость компонента CORS контейнера сервлетов Apache Tomcat, позволяющая нарушителю получить доступ к защищаемой информации
CVE-2018-8034
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
CVE-2018-8034
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
CVE-2018-8034
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
CVE-2018-8034
The host name verification when using TLS with the WebSocket client wa ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | RLSA-2019:1529 Important: pki-deps:10.6 security update | больше 6 лет назад | ||
| ELSA-2019-1529 ELSA-2019-1529: pki-deps:10.6 security update (IMPORTANT) | больше 6 лет назад | ||
 | SUSE-SU-2018:3388-1 Security update for tomcat | около 7 лет назад | ||
| openSUSE-SU-2018:3054-1 Security update for tomcat | около 7 лет назад | ||
| openSUSE-SU-2018:2740-1 Security update for tomcat | около 7 лет назад | ||
| SUSE-SU-2018:3011-2 Security update for tomcat | почти 7 лет назад | ||
| SUSE-SU-2018:3011-1 Security update for tomcat | почти 7 лет назад | ||
| SUSE-SU-2018:2699-1 Security update for tomcat | около 7 лет назад | ||
| SUSE-SU-2018:3261-1 Security update for tomcat | около 7 лет назад | ||
| ELSA-2019-2205 ELSA-2019-2205: tomcat security, bug fix, and enhancement update (MODERATE) | около 6 лет назад | ||
 | CVE-2018-8014 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. | CVSS3: 9.8 | 22% Средний | больше 7 лет назад |
 | CVE-2018-8014 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. | CVSS3: 5.7 | 22% Средний | больше 7 лет назад |
 | CVE-2018-8014 The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. | CVSS3: 9.8 | 22% Средний | больше 7 лет назад |
| CVE-2018-8014 The defaults settings for the CORS filter provided in Apache Tomcat 9. ... | CVSS3: 9.8 | 22% Средний | больше 7 лет назад |
| GHSA-r4x2-3cq5-hqvp The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins | CVSS3: 9.8 | 22% Средний | около 7 лет назад |
 | BDU:2019-00094 Уязвимость компонента CORS контейнера сервлетов Apache Tomcat, позволяющая нарушителю получить доступ к защищаемой информации | CVSS3: 9.8 | 22% Средний | больше 7 лет назад |
| CVE-2018-8034 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | CVSS3: 7.5 | 6% Низкий | больше 7 лет назад |
| CVE-2018-8034 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | CVSS3: 4.3 | 6% Низкий | больше 7 лет назад |
| CVE-2018-8034 The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | CVSS3: 7.5 | 6% Низкий | больше 7 лет назад |
| CVE-2018-8034 The host name verification when using TLS with the WebSocket client wa ... | CVSS3: 7.5 | 6% Низкий | больше 7 лет назад |
Уязвимостей на страницу