CVE 2018-8014
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCreden
Related bugs and status
CVE-2018-8014 (Candidate) is related to these bugs:
Bug #1721749: Security Fix - CVE-2017-12617
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1721749 | Security Fix - CVE-2017-12617 | tomcat8 (Ubuntu) | Undecided | Fix Released | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat8 (Ubuntu Artful) | Undecided | Fix Released | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat8 (Ubuntu Bionic) | Undecided | Fix Released | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat8 (Ubuntu Xenial) | Undecided | Fix Released | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat7 (Ubuntu Artful) | Undecided | Won't Fix | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat7 (Ubuntu Bionic) | Undecided | New | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat7 (Ubuntu Trusty) | Undecided | Fix Released | ||
1721749 | Security Fix - CVE-2017-12617 | tomcat7 (Ubuntu Xenial) | Undecided | New |
Bug #1765616: tomcat more or less broken -- java compat issues
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1765616 | tomcat more or less broken -- java compat issues | tomcat8 (Ubuntu) | Critical | Fix Released | ||
1765616 | tomcat more or less broken -- java compat issues | tomcat8 (Ubuntu Bionic) | Critical | Fix Released | ||
1765616 | tomcat more or less broken -- java compat issues | tomcat8 (Debian) | Unknown | Fix Released |
Bug #1815601: Please merge 8.5.38-1 into disco
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1815601 | Please merge 8.5.38-1 into disco | tomcat8 (Ubuntu) | Undecided | Fix Released | ||
1815601 | Please merge 8.5.38-1 into disco | tomcat8 (Ubuntu Cosmic) | Undecided | Fix Released | ||
1815601 | Please merge 8.5.38-1 into disco | tomcat8 (Ubuntu Bionic) | Undecided | Fix Released |
Bug #1817567: backport tomcat & dependencies for OpenJDK 11
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1817567 | backport tomcat & dependencies for OpenJDK 11 | tomcat9 (Ubuntu) | Undecided | New | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | websocket-api (Ubuntu) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-emf (Ubuntu Bionic) | Undecided | Fix Committed | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | jetty9 (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | swt4-gtk (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | tomcat-native (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | tomcat8 (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-jdt-core (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-jdt-debug (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-jdt-ui (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-debug (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-resources (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-runtime (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-team (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-text (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-ua (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | eclipse-platform-ui (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | el-api (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | equinox-bundles (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | equinox-framework (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | equinox-p2 (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | jsp-api (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | servlet-api (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | tomcat9 (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | websocket-api (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | libeclipse-emf (Ubuntu Bionic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | jetty9 (Ubuntu Cosmic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | tomcat8 (Ubuntu Cosmic) | Undecided | Fix Released | ||
1817567 | backport tomcat & dependencies for OpenJDK 11 | tomcat9 (Ubuntu Cosmic) | Undecided | Fix Released |
Bug #1819721: tomcat8 SRU for bionic uses systemd service instead of init scripts
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1819721 | tomcat8 SRU for bionic uses systemd service instead of init scripts | tomcat8 (Ubuntu) | High | Triaged | ||
1819721 | tomcat8 SRU for bionic uses systemd service instead of init scripts | tomcat8 (Ubuntu Cosmic) | Undecided | Fix Released | ||
1819721 | tomcat8 SRU for bionic uses systemd service instead of init scripts | tomcat8 (Ubuntu Bionic) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.