NVD Vulnerability Detail

CVE-2011-2526

Summary	Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
Publication Date	July 15, 2011, 8:55 a.m.
Registration Date	Jan. 28, 2021, 4:38 p.m.
Last Update	Nov. 21, 2024, 10:28 a.m.

CVSS2.0 : MEDIUM
Score	4.4
Vector	AV:L/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:5.5.30:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.32:::::::*
cpe:2.3:a:apache:tomcat:5.5.31:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:5.5.33:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*

Related information, measures and tools

No	URL	タグ
1	http://marc.info/?l=bugtraq&m=132215163318824&w=2
2	http://marc.info/?l=bugtraq&m=132215163318824&w=2
3	http://marc.info/?l=bugtraq&m=133469267822771&w=2
4	http://marc.info/?l=bugtraq&m=133469267822771&w=2
5	http://marc.info/?l=bugtraq&m=136485229118404&w=2
6	http://marc.info/?l=bugtraq&m=136485229118404&w=2
7	http://marc.info/?l=bugtraq&m=139344343412337&w=2
8	http://osvdb.org/73797
9	http://osvdb.org/73798
10	http://rhn.redhat.com/errata/RHSA-2012-0074.html
11	http://rhn.redhat.com/errata/RHSA-2012-0075.html
12	http://rhn.redhat.com/errata/RHSA-2012-0076.html
13	http://rhn.redhat.com/errata/RHSA-2012-0077.html
14	http://rhn.redhat.com/errata/RHSA-2012-0078.html
15	http://rhn.redhat.com/errata/RHSA-2012-0325.html
16	http://secunia.com/advisories/45232
17	http://secunia.com/advisories/48308
18	http://secunia.com/advisories/57126
19	http://svn.apache.org/viewvc?view=revision&revision=1145383	Patch
20	http://svn.apache.org/viewvc?view=revision&revision=1145571	Patch
21	http://svn.apache.org/viewvc?view=revision&revision=1145694	Patch
22	http://svn.apache.org/viewvc?view=revision&revision=1146005	Patch
23	http://tomcat.apache.org/security-5.html
24	http://tomcat.apache.org/security-6.html
25	http://tomcat.apache.org/security-7.html
26	http://www.debian.org/security/2012/dsa-2401
27	http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
28	http://www.securityfocus.com/archive/1/518889/100/0/threaded
29	http://www.securityfocus.com/bid/48667
30	http://www.securitytracker.com/id?1025788
31	https://bugzilla.redhat.com/show_bug.cgi?id=720948	Patch
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
33	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
34	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
35	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
36	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
38	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
39	http://marc.info/?l=bugtraq&m=132215163318824&w=2
40	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19514
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14573
42	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
43	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
44	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
45	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
46	https://exchange.xforce.ibmcloud.com/vulnerabilities/68541
47	https://bugzilla.redhat.com/show_bug.cgi?id=720948	Patch
48	http://www.securitytracker.com/id?1025788
49	http://www.securityfocus.com/bid/48667
50	http://www.securityfocus.com/archive/1/518889/100/0/threaded
51	http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
52	http://www.debian.org/security/2012/dsa-2401
53	http://tomcat.apache.org/security-7.html
54	http://tomcat.apache.org/security-6.html
55	http://tomcat.apache.org/security-5.html
56	http://svn.apache.org/viewvc?view=revision&revision=1146005	Patch
57	http://svn.apache.org/viewvc?view=revision&revision=1145694	Patch
58	http://svn.apache.org/viewvc?view=revision&revision=1145571	Patch
59	http://svn.apache.org/viewvc?view=revision&revision=1145383	Patch
60	http://secunia.com/advisories/57126
61	http://secunia.com/advisories/48308
62	http://secunia.com/advisories/45232
63	http://rhn.redhat.com/errata/RHSA-2012-0325.html
64	http://rhn.redhat.com/errata/RHSA-2012-0078.html
65	http://rhn.redhat.com/errata/RHSA-2012-0077.html
66	http://rhn.redhat.com/errata/RHSA-2012-0076.html
67	http://rhn.redhat.com/errata/RHSA-2012-0075.html
68	http://rhn.redhat.com/errata/RHSA-2012-0074.html
69	http://osvdb.org/73798
70	http://osvdb.org/73797
71	http://marc.info/?l=bugtraq&m=139344343412337&w=2
72	http://marc.info/?l=bugtraq&m=136485229118404&w=2
73	http://marc.info/?l=bugtraq&m=136485229118404&w=2
74	http://marc.info/?l=bugtraq&m=133469267822771&w=2
75	http://marc.info/?l=bugtraq&m=133469267822771&w=2
76	http://marc.info/?l=bugtraq&m=132215163318824&w=2

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Apache Tomcat におけるアクセス制限を回避される脆弱性

Title	Apache Tomcat におけるアクセス制限を回避される脆弱性
Summary	Apache Tomcat は、HTTP APR または HTTP NIO コネクタに対して sendfile が有効である時、リクエスト属性の検証を行わないため、アクセス制限を回避される、またはサービス運用妨害 (無限ループまたは JVM クラッシュ) 状態となる脆弱性が存在します。
Possible impacts	ローカルユーザにより、信頼されない Web アプリケーションの利用を介して、アクセス制限を回避される、またはサービス運用妨害 (無限ループまたは JVM クラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 11, 2011, midnight
Registration Date	July 26, 2011, 11:33 a.m.
Last Update	March 5, 2015, 6:18 p.m.

Affected System

ヒューレット・パッカード

HP XP P9000 Performance Advisor ソフトウェア 5.4.1 およびそれ以前

Apache Software Foundation

Apache Tomcat 5.5.34 未満

Apache Tomcat 6.0.33 未満

Apache Tomcat 7.0.19 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-2526	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
National Vulnerability Database (NVD)
2	CVE-2011-2526	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2526

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apache Software Foundation
1	Fixed in Apache Tomcat 6.0.33	http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.33
2	Fixed_in_Apache_Tomcat_5.5.34	http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.34
3	Fixed_in_Apache_Tomcat_7.0.19	http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.19
Apache Tomcat
4	security-5	http://tomcat.apache.org/security-5.html
5	security-6	http://tomcat.apache.org/security-6.html
6	security-7	http://tomcat.apache.org/security-7.html
Apache-SVN
7	1145383	http://svn.apache.org/viewvc?view=revision&revision=1145383
8	1145571	http://svn.apache.org/viewvc?view=revision&revision=1145571
9	1145694	http://svn.apache.org/viewvc?view=revision&revision=1145694
10	1146005	http://svn.apache.org/viewvc?view=revision&revision=1146005
11	1158244	http://svn.apache.org/viewvc?rev=1158244&view=rev
HP Security Bulletin
12	HPSBST02955 SSRT101157	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04047415
13	HPSBUX02725 SSRT100627	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03090723
14	HPSBUX02860 SSRT101146	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03716627
Red Hat Bugzilla
15	Bug 720948	https://bugzilla.redhat.com/show_bug.cgi?id=720948
Red Hat Security Advisory
16	RHSA-2012:0074	http://rhn.redhat.com/errata/RHSA-2012-0074.html
17	RHSA-2012:0075	http://rhn.redhat.com/errata/RHSA-2012-0075.html
18	RHSA-2012:0076	http://rhn.redhat.com/errata/RHSA-2012-0076.html
19	RHSA-2012:0077	http://rhn.redhat.com/errata/RHSA-2012-0077.html
20	RHSA-2012:0078	http://rhn.redhat.com/errata/RHSA-2012-0078.html
21	RHSA-2012:0325	http://rhn.redhat.com/errata/RHSA-2012-0325.html
SECURITY BLOG
22	Multiple vulnerabilities in Oracle Java Web Console - oracle_java	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java
23	Multiple vulnerabilities in Oracle Java Web Console - oracle_java1	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1

その他

No	Name	URL
SecurityFocus
1	48667	http://www.securityfocus.com/bid/48667
SecurityTracker
2	1025788	http://www.securitytracker.com/id/1025788

Change Log

No	Changed Details	Date of change
0	[2011年07月26日] 掲載 [2011年07月29日] ベンダ情報：Apache Software Foundation (Fixed_in_Apache_Tomcat_7.0.19) を追加 [2011年08月29日] ベンダ情報：Apache Software Foundation (1158244) を追加ベンダ情報：Apache Software Foundation (Fixed in Apache Tomcat 6.0.33) を追加 [2011年11月17日] ベンダ情報：Apache Software Foundation (Fixed_in_Apache_Tomcat_5.5.34) を追加 [2012年09月28日] ベンダ情報：オラクル (Multiple vulnerabilities in Oracle Java Web Console - oracle_java) を追加ベンダ情報：オラクル (Multiple vulnerabilities in Oracle Java Web Console - oracle_java1) を追加 [2015年03月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード (HPSBUX02725 SSRT100627) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02860 SSRT101146) を追加ベンダ情報：ヒューレット・パッカード (HPSBST02955 SSRT101157) を追加ベンダ情報：レッドハット (RHSA-2012:0074) を追加ベンダ情報：レッドハット (RHSA-2012:0075) を追加ベンダ情報：レッドハット (RHSA-2012:0076) を追加ベンダ情報：レッドハット (RHSA-2012:0077) を追加ベンダ情報：レッドハット (RHSA-2012:0078) を追加ベンダ情報：レッドハット (RHSA-2012:0325) を追加ベンダ情報：レッドハット (Bug 720948) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:5.5.30:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.32:::::::*
cpe:2.3:a:apache:tomcat:5.5.31:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat:5.5.33:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*