NVD Vulnerability Detail

CVE-2014-0099

Summary	Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Publication Date	May 31, 2014, 8:17 p.m.
Registration Date	Jan. 26, 2021, 3:04 p.m.
Last Update	Nov. 21, 2024, 11:01 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.39
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

Related information, measures and tools

No	URL	タグ
1	http://advisories.mageia.org/MGASA-2014-0268.html
2	http://advisories.mageia.org/MGASA-2014-0268.html
3	http://linux.oracle.com/errata/ELSA-2014-0865.html
4	http://linux.oracle.com/errata/ELSA-2014-0865.html
5	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
7	http://marc.info/?l=bugtraq&m=141017844705317&w=2
8	http://marc.info/?l=bugtraq&m=141017844705317&w=2
9	http://marc.info/?l=bugtraq&m=141017844705317&w=2
10	http://marc.info/?l=bugtraq&m=141017844705317&w=2
11	http://marc.info/?l=bugtraq&m=141390017113542&w=2
12	http://marc.info/?l=bugtraq&m=141390017113542&w=2
13	http://marc.info/?l=bugtraq&m=144498216801440&w=2
14	http://marc.info/?l=bugtraq&m=144498216801440&w=2
15	http://rhn.redhat.com/errata/RHSA-2015-0675.html
16	http://rhn.redhat.com/errata/RHSA-2015-0675.html
17	http://rhn.redhat.com/errata/RHSA-2015-0720.html
18	http://rhn.redhat.com/errata/RHSA-2015-0720.html
19	http://rhn.redhat.com/errata/RHSA-2015-0765.html
20	http://rhn.redhat.com/errata/RHSA-2015-0765.html
21	http://seclists.org/fulldisclosure/2014/Dec/23
22	http://seclists.org/fulldisclosure/2014/Dec/23
23	http://seclists.org/fulldisclosure/2014/May/138
24	http://seclists.org/fulldisclosure/2014/May/138
25	http://seclists.org/fulldisclosure/2014/May/140
26	http://seclists.org/fulldisclosure/2014/May/140
27	http://secunia.com/advisories/59121
28	http://secunia.com/advisories/59121
29	http://secunia.com/advisories/59678
30	http://secunia.com/advisories/59678
31	http://secunia.com/advisories/59732
32	http://secunia.com/advisories/59732
33	http://secunia.com/advisories/59835
34	http://secunia.com/advisories/59835
35	http://secunia.com/advisories/59849
36	http://secunia.com/advisories/59849
37	http://secunia.com/advisories/59873
38	http://secunia.com/advisories/59873
39	http://secunia.com/advisories/60729
40	http://secunia.com/advisories/60729
41	http://secunia.com/advisories/60793
42	http://secunia.com/advisories/60793
43	http://svn.apache.org/viewvc?view=revision&revision=1578812
44	http://svn.apache.org/viewvc?view=revision&revision=1578812
45	http://svn.apache.org/viewvc?view=revision&revision=1578814
46	http://svn.apache.org/viewvc?view=revision&revision=1578814
47	http://svn.apache.org/viewvc?view=revision&revision=1580473
48	http://svn.apache.org/viewvc?view=revision&revision=1580473
49	http://tomcat.apache.org/security-6.html	Vendor Advisory
50	http://tomcat.apache.org/security-6.html	Vendor Advisory
51	http://tomcat.apache.org/security-7.html	Vendor Advisory
52	http://tomcat.apache.org/security-7.html	Vendor Advisory
53	http://tomcat.apache.org/security-8.html	Vendor Advisory
54	http://tomcat.apache.org/security-8.html	Vendor Advisory
55	http://www.debian.org/security/2016/dsa-3447
56	http://www.debian.org/security/2016/dsa-3447
57	http://www.debian.org/security/2016/dsa-3530
58	http://www.debian.org/security/2016/dsa-3530
59	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
60	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
61	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
62	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
63	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
64	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
65	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
66	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
67	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
68	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
69	http://www.securityfocus.com/archive/1/532218/100/0/threaded
70	http://www.securityfocus.com/archive/1/532218/100/0/threaded
71	http://www.securityfocus.com/archive/1/532221/100/0/threaded
72	http://www.securityfocus.com/archive/1/532221/100/0/threaded
73	http://www.securityfocus.com/archive/1/534161/100/0/threaded
74	http://www.securityfocus.com/archive/1/534161/100/0/threaded
75	http://www.securityfocus.com/bid/67668
76	http://www.securityfocus.com/bid/67668
77	http://www.securitytracker.com/id/1030302
78	http://www.securitytracker.com/id/1030302
79	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
80	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
81	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
82	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
83	http://www-01.ibm.com/support/docview.wss?uid=swg21680603
84	http://www-01.ibm.com/support/docview.wss?uid=swg21680603
85	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
86	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
87	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
88	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
89	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
90	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
91	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
92	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
93	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
94	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
95	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
96	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
97	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
98	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
99	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
100	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

JVN Vulnerability Information

Apache Tomcat の java/org/apache/tomcat/util/buf/Ascii.java における整数オーバーフローの脆弱性

Title	Apache Tomcat の java/org/apache/tomcat/util/buf/Ascii.java における整数オーバーフローの脆弱性
Summary	Apache Tomcat の java/org/apache/tomcat/util/buf/Ascii.java には、リバースプロキシの背後で動作する場合、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された Content-Length HTTP ヘッダを介して、HTTP Request Smuggling 攻撃を実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 27, 2014, midnight
Registration Date	June 3, 2014, 5:39 p.m.
Last Update	Nov. 22, 2016, 4 p.m.

Affected System

Apache Software Foundation

Apache Tomcat 6.0.40 未満

Apache Tomcat 7.0.53 未満の 7.x

Apache Tomcat 8.0.4 未満の 8.x

オラクル

Oracle Communications Policy Management 10.4.1

Oracle Communications Policy Management 12.1.1 およびそれ以前

Oracle Communications Policy Management 9.7.3

Oracle Communications Policy Management 9.9.1

Oracle Virtualization の Oracle Secure Global Desktop 4.63

Oracle Virtualization の Oracle Secure Global Desktop 4.71

Oracle Virtualization の Oracle Secure Global Desktop 5.0

Oracle Virtualization の Oracle Secure Global Desktop 5.1

IBM

IBM UrbanCode Release 6.0

IBM UrbanCode Release 6.0.0.1

IBM UrbanCode Release 6.0.1

IBM UrbanCode Release 6.0.1.1

IBM UrbanCode Release 6.0.1.2

IBM UrbanCode Release 6.0.1.3

IBM UrbanCode Release 6.0.1.4

IBM UrbanCode Release 6.1

Rational Build Forge 7.1.2

Rational Lifecycle Integration Adapter for HP ALM 1.0 から 1.1

日立

JP1/Cm2/Network Node Manager i

JP1/Cm2/Network Node Manager i Advanced

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0099	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
National Vulnerability Database (NVD)
2	CVE-2014-0099	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0099
SECURITY BLOG
3	CVE-2014-0099 Numeric Errors vulnerability in Apache Tomcat	https://blogs.oracle.com/sunsecurity/entry/cve_2014_0099_numeric_errors

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Apache Tomcat 6.x vulnerabilities	http://tomcat.apache.org/security-6.html
2	Apache Tomcat 7.x vulnerabilities	http://tomcat.apache.org/security-7.html
3	Apache Tomcat 8.x vulnerabilities	http://tomcat.apache.org/security-8.html
Apache-SVN
4	Revision 1578812	http://svn.apache.org/viewvc?view=revision&revision=1578812
5	Revision 1578814	http://svn.apache.org/viewvc?view=revision&revision=1578814
6	Revision 1580473	http://svn.apache.org/viewvc?view=revision&revision=1580473
Hitachi Software Vulnerability Information
7	HS15-007	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html
HP Security Bulletin
8	HPSBUX03150 SSRT101681	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04483248
IBM Support Document
9	1678231	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
10	1680603	http://www-01.ibm.com/support/docview.wss?uid=swg21680603
11	1681528	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
Oracle
12	ELSA-2014-0865	http://linux.oracle.com/errata/ELSA-2014-0865.html
Oracle Critical Patch Update
13	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
14	Oracle Critical Patch Update Advisory - October 2016	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
15	Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html
16	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html
Red Hat Security Advisory
17	RHSA-2015:0234	https://rhn.redhat.com/errata/RHSA-2015-0234.html
18	RHSA-2015:0235	https://rhn.redhat.com/errata/RHSA-2015-0235.html
19	RHSA-2015:0675	http://rhn.redhat.com/errata/RHSA-2015-0675.html
20	RHSA-2015:0720	http://rhn.redhat.com/errata/RHSA-2015-0720.html
21	RHSA-2015:0765	http://rhn.redhat.com/errata/RHSA-2015-0765.html
SECURITY BLOG
22	October 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update
VMware Security Advisories
23	VMSA-2014-0012	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
ソフトウェア製品セキュリティ情報
24	HS15-007	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html

その他

No	Name	URL
関連文書
1	MGASA-2014-0268	http://advisories.mageia.org/MGASA-2014-0268.html

Change Log

No	Changed Details	Date of change
0	[2014年06月03日] 掲載 [2014年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (ELSA-2014-0865) を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices) を追加ベンダ情報：オラクル (CVE-2014-0099 Numeric Errors vulnerability in Apache Tomcat) を追加 [2014年08月06日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1678231) を追加 [2014年09月09日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1681528) を追加ベンダ情報：IBM (1680603) を追加 [2014年12月08日] ベンダ情報：ヒューレット・パッカード (HPSBUX03150 SSRT10168) を追加 [2015年03月02日] ベンダ情報：レッドハット (RHSA-2015:0234) を追加ベンダ情報：レッドハット (RHSA-2015:0235) を追加 [2015年03月16日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (HS15-007) を追加 [2015年05月11日] ベンダ情報：レッドハット (RHSA-2015:0675) を追加ベンダ情報：レッドハット (RHSA-2015:0720) を追加ベンダ情報：レッドハット (RHSA-2015:0765) を追加ベンダ情報：VMware (VMSA-2014-0012) を追加参考情報：関連文書 (MGASA-2014-0268) を追加 [2016年11月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices) を追加ベンダ情報：オラクル (October 2016 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.39
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*