| Title | Apache Tomcat の複数の脆弱性に対するアップデート |
|---|---|
| Summary | The Apache Software Foundation から、Apache Tomcat に関する次の複数の脆弱性に対するアップデートが公開されました。 * HTTP レスポンスの改ざん (CVE-2016-6816) * サービス運用妨害 (DoS) (CVE-2016-6817) * 任意のコード実行 (CVE-2016-8735) |
| Possible impacts | 想定される影響は各脆弱性により異なりますが、情報漏えい、サービス運用妨害 (DoS)、任意のコード実行などの影響を受ける可能性があります。 |
| Solution | [アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。 開発者はこれらの脆弱性の対策版として、次のバージョンをリリースしています。 * Apache Tomcat 9.0.0.M13 * Apache Tomcat 8.5.8 * Apache Tomcat 8.0.39 * Apache Tomcat 7.0.73 * Apache Tomcat 6.0.48 |
| Publication Date | Nov. 24, 2016, midnight |
| Registration Date | March 9, 2017, 1:39 p.m. |
| Last Update | April 12, 2019, 10:28 a.m. |
| Apache Software Foundation |
| Apache Tomcat 6.0.0 から 6.0.47 まで |
| Apache Tomcat 7.0.0 から 7.0.72 まで |
| Apache Tomcat 8.0.0.RC1 から 8.0.38 まで |
| Apache Tomcat 8.5.0 から 8.5.6 まで |
| Apache Tomcat 9.0.0.M1 から 9.0.0.M11 まで |
| Apache Tomcat 6.0.0 から 6.0.47 まで |
| Apache Tomcat 7.0.0 から 7.0.72 まで |
| Apache Tomcat 8.0.0.RC1 から 8.0.38 まで |
| Apache Tomcat 8.5.0 から 8.5.6 まで |
| Apache Tomcat 9.0.0.M1 から 9.0.0.M11 まで |
| 日本電気 |
| MailShooter 全バージョン |
| MailShooter 全バージョン |
| SimpWright V6 |
| SimpWright V7 |
| SimpWright V6 |
| SimpWright V7 |
| SpoolServerシリーズ ReportFiling Ver5.2 から 6.2 |
| SpoolServerシリーズ ReportFiling Ver5.2 から 6.2 |
| 日立 |
| Cosminexus Application Server Enterprise Version 6 |
| Cosminexus Application Server Enterprise Version 6 |
| Cosminexus Application Server Standard Version 6 |
| Cosminexus Application Server Standard Version 6 |
| Cosminexus Application Server Version 5 |
| Cosminexus Application Server Version 5 |
| Cosminexus Component Container |
| Cosminexus Component Container |
| Cosminexus Developer Light Version 6 |
| Cosminexus Developer Light Version 6 |
| Cosminexus Developer Professional Version 6 |
| Cosminexus Developer Professional Version 6 |
| Cosminexus Developer Standard Version 6 |
| Cosminexus Developer Standard Version 6 |
| Cosminexus Developer Version 5 |
| Cosminexus Developer Version 5 |
| Cosminexus Primary Server Base Version 5 |
| Cosminexus Primary Server Base Version 6 |
| Cosminexus Primary Server Version 6 |
| Cosminexus Primary Server Base Version 5 |
| Cosminexus Primary Server Base Version 6 |
| Cosminexus Primary Server Version 6 |
| Cosminexus Studio Light Version |
| Cosminexus Studio Light Version |
| Embedded Cosminexus Server Version 5 |
| Embedded Cosminexus Server Version 5 |
| JP1/Cm2/Network Node Manager |
| JP1/Cm2/Network Node Manager |
| JP1/Network Node Manager |
| JP1/Network Node Manager |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Application Server -R |
| uCosminexus Application Server Express |
| uCosminexus Application Server Light |
| uCosminexus Application Server Standard-R |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Application Server -R |
| uCosminexus Application Server Express |
| uCosminexus Application Server Light |
| uCosminexus Application Server Standard-R |
| uCosminexus Application Server Enterprise |
| uCosminexus Application Server Enterprise |
| uCosminexus Application Server Smart Edition |
| uCosminexus Application Server Smart Edition |
| uCosminexus Application Server Standard |
| uCosminexus Application Server Standard |
| uCosminexus Developer |
| uCosminexus Developer 01 |
| uCosminexus Developer Professional |
| uCosminexus Developer Professional for ATM |
| uCosminexus Developer Professional for Plug-in |
| uCosminexus Developer |
| uCosminexus Developer 01 |
| uCosminexus Developer Professional |
| uCosminexus Developer Professional for ATM |
| uCosminexus Developer Professional for Plug-in |
| uCosminexus Developer Light |
| uCosminexus Developer Light |
| uCosminexus Developer Standard |
| uCosminexus Developer Standard |
| uCosminexus Primary Server Base |
| uCosminexus Primary Server Base(64) |
| uCosminexus Primary Server Base |
| uCosminexus Primary Server Base(64) |
| uCosminexus Service Architect |
| uCosminexus Service Architect |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| uCosminexus Service Platform - Messaging |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| uCosminexus Service Platform - Messaging |
| プログラミング環境 for Java |
| プログラミング環境 for Java |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年02月28日] 参考情報:National Vulnerability Database (NVD) (CVE-2016-6816) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6817) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-8735) を追加 |
Feb. 28, 2018, 10:48 a.m. |
| 2 | [2019年04月11日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2019-107) を追加 |
April 11, 2019, 2:38 p.m. |
| 0 | [2017年03月09日] 掲載 [2017年04月05日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2017-107) を追加 |
Feb. 17, 2018, 10:37 a.m. |
| 1 | [2018年02月28日] 参考情報:National Vulnerability Database (NVD) (CVE-2016-6816) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6817) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-8735) を追加 |
Feb. 28, 2018, 10:48 a.m. |
| 2 | [2019年04月11日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2019-107) を追加 |
April 11, 2019, 2:38 p.m. |
| 0 | [2017年03月09日] 掲載 [2017年04月05日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2017-107) を追加 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
|---|---|
| Publication Date | March 21, 2017, 3:59 a.m. |
| Registration Date | Jan. 26, 2021, 2:16 p.m. |
| Last Update | Nov. 21, 2024, 11:56 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.47:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.46:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| Summary | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. |
|---|---|
| Publication Date | Aug. 11, 2017, 7:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:16 p.m. |
| Last Update | Nov. 21, 2024, 11:56 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| Summary | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
|---|---|
| Summary | La ejecución remota de código es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones anteriores a 8.0.39, 8.5.x en versiones anteriores a 8.5.7 y 9.x en versiones anteriores a 9.0.0.M12 si JmxRemoteLifecycleListener es utilizado y un atacante puede llegar a los puertos JMX. El problema existe porque este oyente no se actualizó por coherencia con el parche de Oracle CVE-2016-3427 que afectó a los tipos de credenciales. |
| Publication Date | April 7, 2017, 6:59 a.m. |
| Registration Date | Jan. 26, 2021, 2:19 p.m. |
| Last Update | April 22, 2026, 2:03 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.48 | ||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.73 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.39 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.7 | |||
| cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_relate_crm_software:10.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_relate_crm_software:11.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* | 3.2.8.2223 | ||||
| cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* | 3.3.0 | 3.3.4.3247 | |||
| cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* | 3.4.0 | 3.4.2.4181 | |||
| cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:* | |||||