NVD Vulnerability Detail

CVE-2016-8745

Summary	A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.
Publication Date	Aug. 11, 2017, 7:29 a.m.
Registration Date	Jan. 26, 2021, 2:19 p.m.
Last Update	Nov. 21, 2024, 11:59 a.m.

CVSS3.0 : HIGH
スコア	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:8.0.4:::::::*
cpe:2.3:a:apache:tomcat:8.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:8.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.58:::::::*
cpe:2.3:a:apache:tomcat:8.5.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:8.5.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:8.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.31:::::::*
cpe:2.3:a:apache:tomcat:8.5.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.72:::::::*
cpe:2.3:a:apache:tomcat:8.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.71:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:8.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0:::::::*
cpe:2.3:a:apache:tomcat:8.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.66:::::::*
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.69:::::::*
cpe:2.3:a:apache:tomcat:8.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.60:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.68:::::::*
cpe:2.3:a:apache:tomcat:8.5.5:::::::*
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:8.5.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:8.5.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:8.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:8.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:8.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:8.0.13:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.9:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.5.7:::::::*
cpe:2.3:a:apache:tomcat:8.5.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:8.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:8.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:8.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:8.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.70:::::::*
cpe:2.3:a:apache:tomcat:8.5.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.73:::::::*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

Related information, measures and tools

No	URL	タグ
1	http://rhn.redhat.com/errata/RHSA-2017-0457.html
2	http://rhn.redhat.com/errata/RHSA-2017-0457.html
3	http://rhn.redhat.com/errata/RHSA-2017-0527.html
4	http://rhn.redhat.com/errata/RHSA-2017-0527.html
5	http://www.debian.org/security/2017/dsa-3754
6	http://www.debian.org/security/2017/dsa-3754
7	http://www.debian.org/security/2017/dsa-3755
8	http://www.debian.org/security/2017/dsa-3755
9	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
10	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
11	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
12	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
13	http://www.securityfocus.com/bid/94828	Third Party Advisory VDB Entry
14	http://www.securityfocus.com/bid/94828	Third Party Advisory VDB Entry
15	http://www.securitytracker.com/id/1037432	Third Party Advisory VDB Entry
16	http://www.securitytracker.com/id/1037432	Third Party Advisory VDB Entry
17	https://access.redhat.com/errata/RHSA-2017:0455
18	https://access.redhat.com/errata/RHSA-2017:0455
19	https://access.redhat.com/errata/RHSA-2017:0456
20	https://access.redhat.com/errata/RHSA-2017:0456
21	https://access.redhat.com/errata/RHSA-2017:0935
22	https://access.redhat.com/errata/RHSA-2017:0935
23	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
24	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
25	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
26	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
27	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
28	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
29	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
30	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
31	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
32	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
33	https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E
34	https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E
35	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
36	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
37	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
38	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
39	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
40	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
41	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
42	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
43	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
44	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
45	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
46	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
47	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
48	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
49	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
50	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
51	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
52	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
53	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
54	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
55	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
56	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
57	https://security.gentoo.org/glsa/201705-09	Third Party Advisory VDB Entry
58	https://security.gentoo.org/glsa/201705-09	Third Party Advisory VDB Entry
59	https://security.netapp.com/advisory/ntap-20180607-0002/
60	https://security.netapp.com/advisory/ntap-20180607-0002/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-388	エラー処理	https://cwe.mitre.org/data/definitions/388.html

JVN Vulnerability Information

Apache Tomcat に情報漏えいの脆弱性

Title	Apache Tomcat に情報漏えいの脆弱性
Summary	Apache Tomcat には、情報漏えいの脆弱性が存在します。【2017年1月6日更新】 Apache Tomcat の NIO HTTP コネクタに含まれているファイル送信コードには、ファイルの送信処理にエラーがあった場合、現在の Processor オブジェクトが Processor キャッシュに複数回追加される問題が存在します。これは、複数のリクエストが同時に処理される場合に同一の Processor が使用される可能性があることを意味します。複数のリクエストの処理に同一の Processor が使用されることで、セッション ID やレスポンス本体などの情報が他のセッションに漏えいする可能性があります。本脆弱性は Apache Tomcat 8.5.x で発見され、Apache Tomcat 8.5.x において行われた Connector コードのリファクタリングで作りこまれたものであると考えられていましたが、開発者によるさらなる調査の結果、現在サポートされているすべてのバージョンの Apache Tomcat に本脆弱性が存在することが判明しています。
Possible impacts	通信内容が漏えいする可能性があります。
Solution	[アップデートする］開発者が提供する情報をもとに、最新版へアップデートしてください。開発者は本脆弱性の対策版として、次のバージョンをリリースしています。　 Apache Tomcat 9.0.0.M15 　 Apache Tomcat 8.5.9 【2017年1月6日追記】開発者は、追加で次の対策バージョンをリリースします。対策バージョンがリリースされ次第、最新版へアップデートしてください。　　* Apache Tomcat 8.0.40 　　* Apache Tomcat 7.0.74 　　* Apache Tomcat 6.0.49
Publication Date	Dec. 14, 2016, midnight
Registration Date	Dec. 15, 2016, 5:18 p.m.
Last Update	Feb. 28, 2018, 11:53 a.m.

Affected System

Apache Software Foundation

Apache Tomcat 8.5.0 から 8.5.8 まで

Apache Tomcat 9.0.0.M1 から 9.0.0.M13 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-8745	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745
National Vulnerability Database (NVD)
2	CVE-2016-8745	https://nvd.nist.gov/vuln/detail/CVE-2016-8745

ベンダー情報

No	Name	URL
Apache Bugzilla
1	Bug 60409 - IllegalArgumentException at java.nio.Buffer.position at SocketWrapperBase.transfer()	https://bz.apache.org/bugzilla/show_bug.cgi?id=60409
Apache Tomcat
2	Fixed in Apache Tomcat 6.0.49	https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49
3	Fixed in Apache Tomcat 7.0.74	https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74
4	Fixed in Apache Tomcat 8.0.40	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40
5	Fixed in Apache Tomcat 8.5.9	https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9
6	Fixed in Apache Tomcat 9.0.0.M15	https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M15

その他

No	Name	URL
JVN
1	JVNVU#97321122	http://jvn.jp/vu/JVNVU97321122/index.html

Change Log

No	Changed Details	Date of change
0	[2016年12月15日] 掲載 [2017年01月11日] 概要：内容を更新ベンダ情報：Apache Software Foundation (Fixed in Apache Tomcat 8.0.40) を追加ベンダ情報：Apache Software Foundation (Fixed in Apache Tomcat 7.0.74) を追加ベンダ情報：Apache Software Foundation (Fixed in Apache Tomcat 6.0.49) を追加影響を受けるシステム：ベンダ情報の追加に伴い内容を更新対策：内容を更新	Feb. 17, 2018, 10:37 a.m.
1	[2018年02月28日] 参考情報：National Vulnerability Database (NVD) (CVE-2016-8745) を追加	Feb. 28, 2018, 10:54 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:8.0.4:::::::*
cpe:2.3:a:apache:tomcat:8.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:8.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.58:::::::*
cpe:2.3:a:apache:tomcat:8.5.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:8.5.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:8.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.31:::::::*
cpe:2.3:a:apache:tomcat:8.5.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.72:::::::*
cpe:2.3:a:apache:tomcat:8.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.71:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:8.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0:::::::*
cpe:2.3:a:apache:tomcat:8.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.66:::::::*
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.69:::::::*
cpe:2.3:a:apache:tomcat:8.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.60:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.68:::::::*
cpe:2.3:a:apache:tomcat:8.5.5:::::::*
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:8.5.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:8.5.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:8.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:8.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:8.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:8.0.13:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.9:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.5.7:::::::*
cpe:2.3:a:apache:tomcat:8.5.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:8.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:8.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:8.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:8.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.70:::::::*
cpe:2.3:a:apache:tomcat:8.5.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.73:::::::*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::