| タイトル | Apache Tomcat の複数の脆弱性に対するアップデート |
|---|---|
| 概要 | The Apache Software Foundation から、Apache Tomcat に関する次の複数の脆弱性に対するアップデートが公開されました。 * HTTP レスポンスの改ざん (CVE-2016-6816) * サービス運用妨害 (DoS) (CVE-2016-6817) * 任意のコード実行 (CVE-2016-8735) |
| 想定される影響 | 想定される影響は各脆弱性により異なりますが、情報漏えい、サービス運用妨害 (DoS)、任意のコード実行などの影響を受ける可能性があります。 |
| 対策 | [アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。 開発者はこれらの脆弱性の対策版として、次のバージョンをリリースしています。 * Apache Tomcat 9.0.0.M13 * Apache Tomcat 8.5.8 * Apache Tomcat 8.0.39 * Apache Tomcat 7.0.73 * Apache Tomcat 6.0.48 |
| 公表日 | 2016年11月24日0:00 |
| 登録日 | 2017年3月9日13:39 |
| 最終更新日 | 2019年4月12日10:28 |
| Apache Software Foundation |
| Apache Tomcat 6.0.0 から 6.0.47 まで |
| Apache Tomcat 7.0.0 から 7.0.72 まで |
| Apache Tomcat 8.0.0.RC1 から 8.0.38 まで |
| Apache Tomcat 8.5.0 から 8.5.6 まで |
| Apache Tomcat 9.0.0.M1 から 9.0.0.M11 まで |
| Apache Tomcat 6.0.0 から 6.0.47 まで |
| Apache Tomcat 7.0.0 から 7.0.72 まで |
| Apache Tomcat 8.0.0.RC1 から 8.0.38 まで |
| Apache Tomcat 8.5.0 から 8.5.6 まで |
| Apache Tomcat 9.0.0.M1 から 9.0.0.M11 まで |
| 日本電気 |
| MailShooter 全バージョン |
| MailShooter 全バージョン |
| SimpWright V6 |
| SimpWright V7 |
| SimpWright V6 |
| SimpWright V7 |
| SpoolServerシリーズ ReportFiling Ver5.2 から 6.2 |
| SpoolServerシリーズ ReportFiling Ver5.2 から 6.2 |
| 日立 |
| Cosminexus Application Server Enterprise Version 6 |
| Cosminexus Application Server Enterprise Version 6 |
| Cosminexus Application Server Standard Version 6 |
| Cosminexus Application Server Standard Version 6 |
| Cosminexus Application Server Version 5 |
| Cosminexus Application Server Version 5 |
| Cosminexus Component Container |
| Cosminexus Component Container |
| Cosminexus Developer Light Version 6 |
| Cosminexus Developer Light Version 6 |
| Cosminexus Developer Professional Version 6 |
| Cosminexus Developer Professional Version 6 |
| Cosminexus Developer Standard Version 6 |
| Cosminexus Developer Standard Version 6 |
| Cosminexus Developer Version 5 |
| Cosminexus Developer Version 5 |
| Cosminexus Primary Server Base Version 5 |
| Cosminexus Primary Server Base Version 6 |
| Cosminexus Primary Server Version 6 |
| Cosminexus Primary Server Base Version 5 |
| Cosminexus Primary Server Base Version 6 |
| Cosminexus Primary Server Version 6 |
| Cosminexus Studio Light Version |
| Cosminexus Studio Light Version |
| Embedded Cosminexus Server Version 5 |
| Embedded Cosminexus Server Version 5 |
| JP1/Cm2/Network Node Manager |
| JP1/Cm2/Network Node Manager |
| JP1/Network Node Manager |
| JP1/Network Node Manager |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Application Server -R |
| uCosminexus Application Server Express |
| uCosminexus Application Server Light |
| uCosminexus Application Server Standard-R |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Application Server -R |
| uCosminexus Application Server Express |
| uCosminexus Application Server Light |
| uCosminexus Application Server Standard-R |
| uCosminexus Application Server Enterprise |
| uCosminexus Application Server Enterprise |
| uCosminexus Application Server Smart Edition |
| uCosminexus Application Server Smart Edition |
| uCosminexus Application Server Standard |
| uCosminexus Application Server Standard |
| uCosminexus Developer |
| uCosminexus Developer 01 |
| uCosminexus Developer Professional |
| uCosminexus Developer Professional for ATM |
| uCosminexus Developer Professional for Plug-in |
| uCosminexus Developer |
| uCosminexus Developer 01 |
| uCosminexus Developer Professional |
| uCosminexus Developer Professional for ATM |
| uCosminexus Developer Professional for Plug-in |
| uCosminexus Developer Light |
| uCosminexus Developer Light |
| uCosminexus Developer Standard |
| uCosminexus Developer Standard |
| uCosminexus Primary Server Base |
| uCosminexus Primary Server Base(64) |
| uCosminexus Primary Server Base |
| uCosminexus Primary Server Base(64) |
| uCosminexus Service Architect |
| uCosminexus Service Architect |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| uCosminexus Service Platform - Messaging |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| uCosminexus Service Platform - Messaging |
| プログラミング環境 for Java |
| プログラミング環境 for Java |
| No | 変更内容 | 変更日 |
|---|---|---|
| 1 | [2018年02月28日] 参考情報:National Vulnerability Database (NVD) (CVE-2016-6816) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6817) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-8735) を追加 |
2018年2月28日10:48 |
| 2 | [2019年04月11日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2019-107) を追加 |
2019年4月11日14:38 |
| 0 | [2017年03月09日] 掲載 [2017年04月05日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2017-107) を追加 |
2018年2月17日10:37 |
| 1 | [2018年02月28日] 参考情報:National Vulnerability Database (NVD) (CVE-2016-6816) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-6817) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-8735) を追加 |
2018年2月28日10:48 |
| 2 | [2019年04月11日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2019-107) を追加 |
2019年4月11日14:38 |
| 0 | [2017年03月09日] 掲載 [2017年04月05日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2017-107) を追加 |
2018年2月17日10:37 |
| 概要 | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. |
|---|---|
| 公表日 | 2017年3月21日3:59 |
| 登録日 | 2021年1月26日14:16 |
| 最終更新日 | 2024年11月21日11:56 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.47:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.46:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* | |||||
| 構成2 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.51:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.72:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.71:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:* | |||||
| 構成3 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.38:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.0.37:*:*:*:*:*:*:* | |||||
| 構成4 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:* | |||||
| 構成5 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| 概要 | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. |
|---|---|
| 公表日 | 2017年8月11日7:29 |
| 登録日 | 2021年1月26日14:16 |
| 最終更新日 | 2024年11月21日11:56 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| 概要 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. |
|---|---|
| 概要 | La ejecución remota de código es posible con Apache Tomcat en versiones anteriores a 6.0.48, 7.x en versiones anteriores a 7.0.73, 8.x en versiones anteriores a 8.0.39, 8.5.x en versiones anteriores a 8.5.7 y 9.x en versiones anteriores a 9.0.0.M12 si JmxRemoteLifecycleListener es utilizado y un atacante puede llegar a los puertos JMX. El problema existe porque este oyente no se actualizó por coherencia con el parche de Oracle CVE-2016-3427 que afectó a los tipos de credenciales. |
| 公表日 | 2017年4月7日6:59 |
| 登録日 | 2021年1月26日14:19 |
| 最終更新日 | 2026年4月22日2:03 |
| 構成1 | 以上 | 以下 | より上 | 未満 | |
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 6.0.48 | ||||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 7.0.0 | 7.0.73 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.0 | 8.0.39 | |||
| cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* | 8.5.0 | 8.5.7 | |||
| cpe:2.3:a:apache:tomcat:9.0.0:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:* | |||||
| cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* | |||||
| cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_engineering_data_management:6.1.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_engineering_data_management:6.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_relate_crm_software:10.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_relate_crm_software:11.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* | 3.2.8.2223 | ||||
| cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* | 3.3.0 | 3.3.4.3247 | |||
| cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* | 3.4.0 | 3.4.2.4181 | |||
| cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:* | |||||