NVD脆弱性詳細

CVE-2014-0075

概要	Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
公表日	2014年5月31日20:17
登録日	2021年1月26日15:04
最終更新日	2024年11月21日11:01

CVSS2.0 : MEDIUM
スコア	5.0
ベクター	AV:N/AC:L/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::

構成3	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.39
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://advisories.mageia.org/MGASA-2014-0268.html
2	http://advisories.mageia.org/MGASA-2014-0268.html
3	http://linux.oracle.com/errata/ELSA-2014-0865.html
4	http://linux.oracle.com/errata/ELSA-2014-0865.html
5	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
7	http://marc.info/?l=bugtraq&m=141017844705317&w=2
8	http://marc.info/?l=bugtraq&m=141017844705317&w=2
9	http://marc.info/?l=bugtraq&m=141017844705317&w=2
10	http://marc.info/?l=bugtraq&m=141017844705317&w=2
11	http://marc.info/?l=bugtraq&m=141390017113542&w=2
12	http://marc.info/?l=bugtraq&m=141390017113542&w=2
13	http://marc.info/?l=bugtraq&m=144498216801440&w=2
14	http://marc.info/?l=bugtraq&m=144498216801440&w=2
15	http://rhn.redhat.com/errata/RHSA-2015-0675.html
16	http://rhn.redhat.com/errata/RHSA-2015-0675.html
17	http://rhn.redhat.com/errata/RHSA-2015-0720.html
18	http://rhn.redhat.com/errata/RHSA-2015-0720.html
19	http://rhn.redhat.com/errata/RHSA-2015-0765.html
20	http://rhn.redhat.com/errata/RHSA-2015-0765.html
21	http://seclists.org/fulldisclosure/2014/Dec/23
22	http://seclists.org/fulldisclosure/2014/Dec/23
23	http://secunia.com/advisories/59121
24	http://secunia.com/advisories/59121
25	http://secunia.com/advisories/59616
26	http://secunia.com/advisories/59616
27	http://secunia.com/advisories/59678
28	http://secunia.com/advisories/59678
29	http://secunia.com/advisories/59732
30	http://secunia.com/advisories/59732
31	http://secunia.com/advisories/59835
32	http://secunia.com/advisories/59835
33	http://secunia.com/advisories/59849
34	http://secunia.com/advisories/59849
35	http://secunia.com/advisories/59873
36	http://secunia.com/advisories/59873
37	http://secunia.com/advisories/60729
38	http://secunia.com/advisories/60729
39	http://secunia.com/advisories/60793
40	http://secunia.com/advisories/60793
41	http://svn.apache.org/viewvc?view=revision&revision=1578337
42	http://svn.apache.org/viewvc?view=revision&revision=1578337
43	http://svn.apache.org/viewvc?view=revision&revision=1578341
44	http://svn.apache.org/viewvc?view=revision&revision=1578341
45	http://svn.apache.org/viewvc?view=revision&revision=1579262
46	http://svn.apache.org/viewvc?view=revision&revision=1579262
47	http://tomcat.apache.org/security-6.html	Vendor Advisory
48	http://tomcat.apache.org/security-6.html	Vendor Advisory
49	http://tomcat.apache.org/security-7.html	Vendor Advisory
50	http://tomcat.apache.org/security-7.html	Vendor Advisory
51	http://tomcat.apache.org/security-8.html	Vendor Advisory
52	http://tomcat.apache.org/security-8.html	Vendor Advisory
53	http://www.debian.org/security/2016/dsa-3447
54	http://www.debian.org/security/2016/dsa-3447
55	http://www.debian.org/security/2016/dsa-3530
56	http://www.debian.org/security/2016/dsa-3530
57	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
58	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
59	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
60	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
61	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
62	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
63	http://www.novell.com/support/kb/doc.php?id=7010166
64	http://www.novell.com/support/kb/doc.php?id=7010166
65	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
66	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
67	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
68	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
69	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
70	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
71	http://www.securityfocus.com/archive/1/534161/100/0/threaded
72	http://www.securityfocus.com/archive/1/534161/100/0/threaded
73	http://www.securityfocus.com/bid/67671
74	http://www.securityfocus.com/bid/67671
75	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
76	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
77	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
78	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
79	http://www-01.ibm.com/support/docview.wss?uid=swg21680603
80	http://www-01.ibm.com/support/docview.wss?uid=swg21680603
81	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
82	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
83	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
84	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
85	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
86	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
87	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
88	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
89	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
90	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
91	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
92	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
93	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
94	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
95	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
96	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
97	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
98	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

JVN脆弱性情報

Apache Tomcat の java/org/apache/coyote/http11/filters/ChunkedInputFilter.java における整数オーバーフローの脆弱性

タイトル	Apache Tomcat の java/org/apache/coyote/http11/filters/ChunkedInputFilter.java における整数オーバーフローの脆弱性
概要	Apache Tomcat の java/org/apache/coyote/http11/filters/ChunkedInputFilter.java の parseChunkHeader 関数には、整数オーバーフローの脆弱性が存在します。
想定される影響	第三者により、データのストリーミング中のリクエストのチャンク転送コーディング (chunked transfer coding) 内の不正な形式のチャンクサイズを介して、サービス運用妨害 (リソース消費) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2014年3月27日0:00
登録日	2014年6月3日17:37
最終更新日	2016年11月22日16:00

影響を受けるシステム

Apache Software Foundation

Apache Tomcat 6.0.40 未満

Apache Tomcat 7.0.53 未満の 7.x

Apache Tomcat 8.0.4 未満の 8.x

オラクル

Oracle Communications Policy Management 10.4.1

Oracle Communications Policy Management 12.1.1 およびそれ以前

Oracle Communications Policy Management 9.7.3

Oracle Communications Policy Management 9.9.1

Oracle Fusion Middleware の Oracle Enterprise Data Quality 8.1.2

Oracle Fusion Middleware の Oracle Enterprise Data Quality 9.0.11

Oracle Virtualization の Oracle Secure Global Desktop 4.63

Oracle Virtualization の Oracle Secure Global Desktop 4.71

Oracle Virtualization の Oracle Secure Global Desktop 5.0

Oracle Virtualization の Oracle Secure Global Desktop 5.1

IBM

IBM UrbanCode Release 6.0

IBM UrbanCode Release 6.0.0.1

IBM UrbanCode Release 6.0.1

IBM UrbanCode Release 6.0.1.1

IBM UrbanCode Release 6.0.1.2

IBM UrbanCode Release 6.0.1.3

IBM UrbanCode Release 6.0.1.4

IBM UrbanCode Release 6.1

Rational Build Forge 7.1.2

Rational Lifecycle Integration Adapter for HP ALM 1.0 から 1.1

日立

JP1/Cm2/Network Node Manager i

JP1/Cm2/Network Node Manager i Advanced

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0075	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
National Vulnerability Database (NVD)
2	CVE-2014-0075	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0075
SECURITY BLOG
3	CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat	https://blogs.oracle.com/sunsecurity/entry/cve_2014_0075_numeric_errors

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	名前	URL
Apache Tomcat
1	Apache Tomcat 6.x vulnerabilities	http://tomcat.apache.org/security-6.html
2	Apache Tomcat 7.x vulnerabilities	http://tomcat.apache.org/security-7.html
3	Apache Tomcat 8.x vulnerabilities	http://tomcat.apache.org/security-8.html
Apache-SVN
4	Revision 1578337	http://svn.apache.org/viewvc?view=revision&revision=1578337
5	Revision 1578341	http://svn.apache.org/viewvc?view=revision&revision=1578341
6	Revision 1579262	http://svn.apache.org/viewvc?view=revision&revision=1579262
Hitachi Software Vulnerability Information
7	HS15-007	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html
HP Security Bulletin
8	HPSBUX03150 SSRT101681	http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04483248&lang=en&cc=us
IBM Support Document
9	1678231	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
10	1680603	http://www-01.ibm.com/support/docview.wss?uid=swg21680603
11	1681528	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
Knowledgebase
12	7010166	http://www.novell.com/support/kb/doc.php?id=7010166
Oracle
13	ELSA-2014-0865	http://linux.oracle.com/errata/ELSA-2014-0865.html
Oracle Critical Patch Update
14	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
15	Oracle Critical Patch Update Advisory - October 2014	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
16	Oracle Critical Patch Update Advisory - October 2016	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
17	Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html
18	Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html
19	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html
Red Hat Security Advisory
20	RHSA-2015:0234	https://rhn.redhat.com/errata/RHSA-2015-0234.html
21	RHSA-2015:0235	https://rhn.redhat.com/errata/RHSA-2015-0235.html
22	RHSA-2015:0675	http://rhn.redhat.com/errata/RHSA-2015-0675.html
23	RHSA-2015:0720	http://rhn.redhat.com/errata/RHSA-2015-0720.html
24	RHSA-2015:0765	http://rhn.redhat.com/errata/RHSA-2015-0765.html
SECURITY BLOG
25	October 2014 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2014_critical_patch_update
26	October 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update
VMware Security Advisories
27	VMSA-2014-0012	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
ソフトウェア製品セキュリティ情報
28	HS15-007	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html

その他

No	名前	URL
関連文書
1	MGASA-2014-0268	http://advisories.mageia.org/MGASA-2014-0268.html

変更履歴

No	変更内容	変更日
0	[2014年06月03日] 掲載 [2014年07月22日] ベンダ情報：オラクル (CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat) を追加 [2014年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (ELSA-2014-0865) を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices) を追加ベンダ情報：IBM (1678231) を追加ベンダ情報：Novell (7010166) を追加 [2014年09月09日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1680603) を追加ベンダ情報：IBM (1681528) を追加 [2014年10月21日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices) を追加ベンダ情報：オラクル (October 2014 Critical Patch Update Released) を追加 [2014年12月08日] ベンダ情報：ヒューレット・パッカード (HPSBUX03150 SSRT101681) を追加 [2015年03月02日] ベンダ情報：レッドハット (RHSA-2015:0234) を追加ベンダ情報：レッドハット (RHSA-2015:0235) を追加 [2015年03月16日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (HS15-007) を追加 [2015年05月11日] ベンダ情報：レッドハット (RHSA-2015:0675) を追加ベンダ情報：レッドハット (RHSA-2015:0720) を追加ベンダ情報：レッドハット (RHSA-2015:0765) を追加ベンダ情報：VMware (VMSA-2014-0012) を追加参考情報：関連文書 (MGASA-2014-0268) を追加 [2016年11月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices) を追加ベンダ情報：オラクル (October 2016 Critical Patch Update Released) を追加	2018年2月17日10:37

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::

構成3	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.39
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*