NVD脆弱性詳細

CVE-2014-0096

概要	java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
公表日	2014年5月31日20:17
登録日	2021年1月26日15:04
最終更新日	2024年11月21日11:01

CVSS2.0 : MEDIUM
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::

構成3	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.39
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

関連情報、対策とツール

No	URL	タグ
1	http://advisories.mageia.org/MGASA-2014-0268.html
2	http://advisories.mageia.org/MGASA-2014-0268.html
3	http://linux.oracle.com/errata/ELSA-2014-0865.html
4	http://linux.oracle.com/errata/ELSA-2014-0865.html
5	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
6	http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
7	http://marc.info/?l=bugtraq&m=141017844705317&w=2
8	http://marc.info/?l=bugtraq&m=141017844705317&w=2
9	http://marc.info/?l=bugtraq&m=141017844705317&w=2
10	http://marc.info/?l=bugtraq&m=141017844705317&w=2
11	http://marc.info/?l=bugtraq&m=144498216801440&w=2
12	http://marc.info/?l=bugtraq&m=144498216801440&w=2
13	http://rhn.redhat.com/errata/RHSA-2015-0675.html
14	http://rhn.redhat.com/errata/RHSA-2015-0675.html
15	http://rhn.redhat.com/errata/RHSA-2015-0720.html
16	http://rhn.redhat.com/errata/RHSA-2015-0720.html
17	http://rhn.redhat.com/errata/RHSA-2015-0765.html
18	http://rhn.redhat.com/errata/RHSA-2015-0765.html
19	http://seclists.org/fulldisclosure/2014/Dec/23
20	http://seclists.org/fulldisclosure/2014/Dec/23
21	http://seclists.org/fulldisclosure/2014/May/135
22	http://seclists.org/fulldisclosure/2014/May/135
23	http://secunia.com/advisories/59121
24	http://secunia.com/advisories/59121
25	http://secunia.com/advisories/59616
26	http://secunia.com/advisories/59616
27	http://secunia.com/advisories/59678
28	http://secunia.com/advisories/59678
29	http://secunia.com/advisories/59732
30	http://secunia.com/advisories/59732
31	http://secunia.com/advisories/59835
32	http://secunia.com/advisories/59835
33	http://secunia.com/advisories/59849
34	http://secunia.com/advisories/59849
35	http://secunia.com/advisories/59873
36	http://secunia.com/advisories/59873
37	http://secunia.com/advisories/60729
38	http://secunia.com/advisories/60729
39	http://svn.apache.org/viewvc?view=revision&revision=1578610
40	http://svn.apache.org/viewvc?view=revision&revision=1578610
41	http://svn.apache.org/viewvc?view=revision&revision=1578611
42	http://svn.apache.org/viewvc?view=revision&revision=1578611
43	http://svn.apache.org/viewvc?view=revision&revision=1578637
44	http://svn.apache.org/viewvc?view=revision&revision=1578637
45	http://svn.apache.org/viewvc?view=revision&revision=1578655
46	http://svn.apache.org/viewvc?view=revision&revision=1578655
47	http://svn.apache.org/viewvc?view=revision&revision=1585853
48	http://svn.apache.org/viewvc?view=revision&revision=1585853
49	http://tomcat.apache.org/security-6.html	Vendor Advisory
50	http://tomcat.apache.org/security-6.html	Vendor Advisory
51	http://tomcat.apache.org/security-7.html	Vendor Advisory
52	http://tomcat.apache.org/security-7.html	Vendor Advisory
53	http://tomcat.apache.org/security-8.html	Vendor Advisory
54	http://tomcat.apache.org/security-8.html	Vendor Advisory
55	http://www.debian.org/security/2016/dsa-3530
56	http://www.debian.org/security/2016/dsa-3530
57	http://www.debian.org/security/2016/dsa-3552
58	http://www.debian.org/security/2016/dsa-3552
59	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
60	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
61	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
62	http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
63	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
64	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
65	http://www.novell.com/support/kb/doc.php?id=7010166
66	http://www.novell.com/support/kb/doc.php?id=7010166
67	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
68	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
69	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
70	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
71	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
72	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
73	http://www.securityfocus.com/archive/1/534161/100/0/threaded
74	http://www.securityfocus.com/archive/1/534161/100/0/threaded
75	http://www.securityfocus.com/bid/67667
76	http://www.securityfocus.com/bid/67667
77	http://www.securitytracker.com/id/1030301
78	http://www.securitytracker.com/id/1030301
79	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
80	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
81	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
82	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
83	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
84	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
85	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
86	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
87	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
88	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
89	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
90	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
91	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
92	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
93	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
94	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
95	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
96	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
97	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
98	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN脆弱性情報

Apache Tomcat のデフォルトサーブレットにおけるセキュリティマネージャの制限を回避される脆弱性

タイトル	Apache Tomcat のデフォルトサーブレットにおけるセキュリティマネージャの制限を回避される脆弱性
概要	Apache Tomcat のデフォルトサーブレットの java/org/apache/catalina/servlets/DefaultServlet.java は、XSLT スタイルシートを適切に制限しないため、セキュリティマネージャの制限を回避され、任意のファイルを読まれる脆弱性が存在します。本件は、XML 外部エンティティ (XXE) の問題に関する脆弱性です。
想定される影響	第三者により、エンティティ参照に関連する XML 外部エンティティ宣言を提供する巧妙に細工された Web アプリケーションを介して、セキュリティマネージャの制限を回避され、任意のファイルを読まれる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2014年3月27日0:00
登録日	2014年6月3日17:38
最終更新日	2016年11月22日16:00

影響を受けるシステム

Apache Software Foundation

Apache Tomcat 6.0.40 未満

Apache Tomcat 7.0.53 未満の 7.x

Apache Tomcat 8.0.4 未満の 8.x

オラクル

Oracle Communications Policy Management 10.4.1

Oracle Communications Policy Management 12.1.1 およびそれ以前

Oracle Communications Policy Management 9.7.3

Oracle Communications Policy Management 9.9.1

Oracle Fusion Middleware の Oracle Enterprise Data Quality 8.1.2

Oracle Fusion Middleware の Oracle Enterprise Data Quality 9.0.11

Oracle Virtualization の Oracle Secure Global Desktop 4.63

Oracle Virtualization の Oracle Secure Global Desktop 4.71

Oracle Virtualization の Oracle Secure Global Desktop 5.0

Oracle Virtualization の Oracle Secure Global Desktop 5.1

IBM

IBM UrbanCode Release 6.0.1.4

IBM UrbanCode Release 6.1

IBM UrbanCode Release 6.0

IBM UrbanCode Release 6.0.0.1

IBM UrbanCode Release 6.0.1

IBM UrbanCode Release 6.0.1.1

IBM UrbanCode Release 6.0.1.2

IBM UrbanCode Release 6.0.1.3

日立

JP1/Cm2/Network Node Manager i

JP1/Cm2/Network Node Manager i Advanced

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0096	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096
National Vulnerability Database (NVD)
2	CVE-2014-0096	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0096
SECURITY BLOG
3	CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat	https://blogs.oracle.com/sunsecurity/entry/cve_2014_0096_permissions_privileges

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	名前	URL
Apache Tomcat
1	Apache Tomcat 6.x vulnerabilities	http://tomcat.apache.org/security-6.html
2	Apache Tomcat 7.x vulnerabilities	http://tomcat.apache.org/security-7.html
3	Apache Tomcat 8.x vulnerabilities	http://tomcat.apache.org/security-8.html
Apache-SVN
4	Revision 1578610	http://svn.apache.org/viewvc?view=revision&revision=1578610
5	Revision 1578611	http://svn.apache.org/viewvc?view=revision&revision=1578611
6	Revision 1578637	http://svn.apache.org/viewvc?view=revision&revision=1578637
7	Revision 1578655	http://svn.apache.org/viewvc?view=revision&revision=1578655
8	Revision 1585853	http://svn.apache.org/viewvc?view=revision&revision=1585853
Hitachi Software Vulnerability Information
9	HS15-007	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-007/index.html
IBM Support Document
10	1678231	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
11	1681528	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
Knowledgebase
12	7010166	http://www.novell.com/support/kb/doc.php?id=7010166
Oracle
13	ELSA-2014-0865	http://linux.oracle.com/errata/ELSA-2014-0865.html
Oracle Critical Patch Update
14	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
15	Oracle Critical Patch Update Advisory - October 2014	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
16	Oracle Critical Patch Update Advisory - October 2016	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
17	Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html
18	Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html
19	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html
Red Hat Security Advisory
20	RHSA-2015:0234	https://rhn.redhat.com/errata/RHSA-2015-0234.html
21	RHSA-2015:0235	https://rhn.redhat.com/errata/RHSA-2015-0235.html
22	RHSA-2015:0675	http://rhn.redhat.com/errata/RHSA-2015-0675.html
23	RHSA-2015:0720	http://rhn.redhat.com/errata/RHSA-2015-0720.html
24	RHSA-2015:0765	http://rhn.redhat.com/errata/RHSA-2015-0765.html
SECURITY BLOG
25	October 2014 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2014_critical_patch_update
26	October 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update
VMware Security Advisories
27	VMSA-2014-0012	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
ソフトウェア製品セキュリティ情報
28	HS15-007	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-007/index.html

その他

No	名前	URL
関連文書
1	MGASA-2014-0268	http://advisories.mageia.org/MGASA-2014-0268.html

変更履歴

No	変更内容	変更日
0	[2014年06月03日] 掲載 [2014年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (ELSA-2014-0865) を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices) を追加ベンダ情報：Novell (7010166) を追加ベンダ情報：IBM (1678231) を追加 [2014年09月09日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1681528) を追加 [2014年10月21日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices) を追加ベンダ情報：オラクル (October 2014 Critical Patch Update Released) を追加 [2015年03月02日] ベンダ情報：レッドハット (RHSA-2015:0234) を追加ベンダ情報：レッドハット (RHSA-2015:0235) を追加 [2015年03月16日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日立 (HS15-007) を追加 [2015年05月08日] ベンダ情報：レッドハット (RHSA-2015:0675) を追加ベンダ情報：レッドハット (RHSA-2015:0720) を追加ベンダ情報：レッドハット (RHSA-2015:0765) を追加ベンダ情報：VMware (VMSA-2014-0012) を追加参考情報：関連文書 (MGASA-2014-0268) を追加 [2015年07月30日] ベンダ情報：オラクル (CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat) を追加 [2016年11月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices) を追加ベンダ情報：オラクル (October 2016 Critical Patch Update Released) を追加	2018年2月17日10:37

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::

構成3	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.39
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*