| Title | Apache Tomcat の複数の脆弱性に対するアップデート |
|---|---|
| Summary | The Apache Software Foundation から、Apache Tomcat に関する次の複数の脆弱性に対するアップデートが公開されました。 * セキュリティマネージャの制限回避 (CVE-2016-5018, CVE-2016-6794, CVE-2016-6796) * ResourceLinkFactory のアクセス制限不備 (CVE-2016-6797) * レルム実装へのタイミング攻撃 (CVE-2016-0762) |
| Possible impacts | 想定される影響は各脆弱性により異なりますが、次のような影響を受ける可能性があります。 * システムプロパティや登録ユーザ名などに関する情報漏えい * グローバル JNDI リソースへの不正なアクセス |
| Solution | [アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。 開発者は本脆弱性の対策版として、次のバージョンをリリースしています。 * Apache Tomcat 9.0.0.M10 * Apache Tomcat 8.5.5 * Apache Tomcat 8.0.37 * Apache Tomcat 7.0.72 * Apache Tomcat 6.0.47 |
| Publication Date | Oct. 28, 2016, midnight |
| Registration Date | March 9, 2017, 12:11 p.m. |
| Last Update | May 1, 2018, 11:46 a.m. |
| Apache Software Foundation |
| Apache Tomcat 6.0.0 から 6.0.45 まで |
| Apache Tomcat 7.0.0 から 7.0.70 まで |
| Apache Tomcat 8.0.0.RC1 から 8.0.36 まで |
| Apache Tomcat 8.5.0 から 8.5.4 まで |
| Apache Tomcat 9.0.0.M1 から 9.0.0.M9 まで |
| 日立 |
| Cosminexus Application Server Enterprise Version 6 |
| Cosminexus Application Server Standard Version 6 |
| Cosminexus Application Server Version 5 |
| Cosminexus Component Container |
| Cosminexus Developer Light Version 6 |
| Cosminexus Developer Professional Version 6 |
| Cosminexus Developer Standard Version 6 |
| Cosminexus Developer Version 5 |
| Cosminexus Primary Server Base Version 5 |
| Cosminexus Primary Server Base Version 6 |
| Cosminexus Primary Server Version 6 |
| Cosminexus Studio Light Version |
| Embedded Cosminexus Server Version 5 |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Application Server -R |
| uCosminexus Application Server Express |
| uCosminexus Application Server Light |
| uCosminexus Application Server Standard-R |
| uCosminexus Application Server Enterprise |
| uCosminexus Application Server Smart Edition |
| uCosminexus Application Server Standard |
| uCosminexus Developer |
| uCosminexus Developer 01 |
| uCosminexus Developer Professional |
| uCosminexus Developer Professional for ATM |
| uCosminexus Developer Professional for Plug-in |
| uCosminexus Developer Light |
| uCosminexus Developer Standard |
| uCosminexus Primary Server Base |
| uCosminexus Primary Server Base(64) |
| uCosminexus Service Architect |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| uCosminexus Service Platform - Messaging |
| プログラミング環境 for Java |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2017年03月09日] 掲載 [2017年04月05日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2017-106) を追加 |
Feb. 17, 2018, 10:37 a.m. |
| 1 | [2018年02月28日] 参考情報:National Vulnerability Database (NVD) (CVE-2016-5018) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6794) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6796) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6797) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-0762) を追加 |
Feb. 28, 2018, 10:44 a.m. |
| 2 | [2018年05月01日] ベンダ情報:日本電気 (NV18-008) を追加 |
May 1, 2018, 10 a.m. |
| Summary | The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. |
|---|---|
| Publication Date | Aug. 11, 2017, 1:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:04 p.m. |
| Last Update | Nov. 21, 2024, 11:42 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.0 | 6.0.45 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.70 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.36 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.4 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* | 8.0.0 | 8.5.0 | |||
| cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* | 7.4.0 | 7.7.1 | |||
| Summary | In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. |
|---|---|
| Publication Date | Aug. 11, 2017, 1:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:13 p.m. |
| Last Update | Nov. 21, 2024, 11:53 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.0 | 6.0.45 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.70 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.36 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.4 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* | 7.4.0 | 7.7.1 | |||
| Summary | When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. |
|---|---|
| Publication Date | Aug. 11, 2017, 1:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:16 p.m. |
| Last Update | Nov. 21, 2024, 11:56 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.0 | 6.0.45 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.70 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.36 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.4 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* | 7.4.0 | 7.7.1 | |||
| Summary | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. |
|---|---|
| Publication Date | Aug. 11, 2017, 11:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:16 p.m. |
| Last Update | Nov. 21, 2024, 11:56 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.0 | 6.0.45 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.70 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.36 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.4 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:tekelec_platform_distribution:7.4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:tekelec_platform_distribution:7.7.1:*:*:*:*:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | |||||
| Summary | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. |
|---|---|
| Publication Date | Aug. 11, 2017, 7:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:16 p.m. |
| Last Update | Nov. 21, 2024, 11:56 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.0 | 6.0.45 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.70 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.36 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.4 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:* | 7.4.0 | 7.7.1 | |||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| Configuration6 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | |||||