CVE-2018-8014
CVSS 7.5
Published: 2018-05-16 12:29:00
Last modified: 2018-06-28 21:29:06

[Original] The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

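- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-254 [Security Features]

- CPE (Affected Platforms and Products)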

cpe:/a:apache:tomcat:7.0.41
cpe:/a:apache:tomcat:7.0.42
cpe:/a:apache:tomcat:7.0.43
cpe:/a:apache:tomcat:7.0.44
cpe:/a:apache:tomcat:7.0.45
cpe:/a:apache:tomcat:7.0.46
cpe:/a:apache:tomcat:7.0.47
cpe:/a:apache:tomcat:7.0.48
cpe:/a:apache:tomcat:7.0.49
cpe:/a:apache:tomcat:7.0.50
cpe:/a:apache:tomcat:7.0.51
cpe:/a:apache:tomcat:7.0.54
cpe:/a:apache:tomcat:7.0.55
cpe:/a:apache:tomcat:7.0.56
cpe:/a:apache:tomcat:7.0.57
cpe:/a:apache:tomcat:7.0.58
cpe:/a:apache:tomcat:7.0.59
cpe:/a:apache:tomcat:7.0.60
cpe:/a:apache:tomcat:7.0.61
cpe:/a:apache:tomcat:7.0.62
cpe:/a:apache:tomcat:7.0.63
cpe:/a:apache:tomcat:7.0.64
cpe:/a:apache:tomcat:7.0.65
cpe:/a:apache:tomcat:7.0.66
cpe:/a:apache:tomcat:7.0.67
cpe:/a:apache:tomcat:7.0.68
cpe:/a:apache:tomcat:7.0.69
cpe:/a:apache:tomcat:7.0.70
cpe:/a:apache:tomcat:7.0.71
cpe:/a:apache:tomcat:7.0.72
cpe:/a:apache:tomcat:7.0.73
cpe:/a:apache:tomcat:7.0.74
cpe:/a:apache:tomcat:7.0.75
cpe:/a:apache:tomcat:7.0.76
cpe:/a:apache:tomcat:7.0.77
cpe:/a:apache:tomcat:7.0.78
cpe:/a:apache:tomcat:7.0.79
cpe:/a:apache:tomcat:7.0.80
cpe:/a:apache:tomcat:7.0.81
cpe:/a:apache:tomcat:7.0.82
cpe:/a:apache:tomcat:7.0.83
cpe:/a:apache:tomcat:7.0.84
cpe:/a:apache:tomcat:7.0.85
cpe:/a:apache:tomcat:8.0.0:rc1
cpe:/a:apache:tomcat:8.0.0:rc10
cpe:/a:apache:tomcat:8.0.0:rc2
cpe:/a:apache:tomcat:8.0.0:rc5
cpe:/a:apache:tomcat:8.0.1
cpe:/a:apache:tomcat:8.0.2
cpe:/a:apache:tomcat:8.0.4
cpe:/a:apache:tomcat:8.0.6
cpe:/a:apache:tomcat:8.0.7
cpe:/a:apache:tomcat:8.0.9
cpe:/a:apache:tomcat:8.0.10
cpe:/a:apache:tomcat:8.0.11
cpe:/a:apache:tomcat:8.0.12
cpe:/a:apache:tomcat:8.0.13
cpe:/a:apache:tomcat:8.0.14
cpe:/a:apache:tomcat:8.0.15
cpe:/a:apache:tomcat:8.0.16
cpe:/a:apache:tomcat:8.0.17
cpe:/a:apache:tomcat:8.0.18
cpe:/a:apache:tomcat:8.0.19
cpe:/a:apache:tomcat:8.0.20
cpe:/a:apache:tomcat:8.0.21
cpe:/a:apache:tomcat:8.0.22
cpe:/a:apache:tomcat:8.0.23
cpe:/a:apache:tomcat:8.0.24
cpe:/a:apache:tomcat:8.0.25
cpe:/a:apache:tomcat:8.0.26
cpe:/a:apache:tomcat:8.0.27
cpe:/a:apache:tomcat:8.0.28
cpe:/a:apache:tomcat:8.0.29
cpe:/a:apache:tomcat:8.0.30
cpe:/a:apache:tomcat:8.0.31
cpe:/a:apache:tomcat:8.0.32
cpe:/a:apache:tomcat:8.0.33
cpe:/a:apache:tomcat:8.0.34
cpe:/a:apache:tomcat:8.0.35
cpe:/a:apache:tomcat:8.0.36
cpe:/a:apache:tomcat:8.0.37
cpe:/a:apache:tomcat:8.0.38
cpe:/a:apache:tomcat:8.0.39
cpe:/a:apache:tomcat:8.0.40
cpe:/a:apache:tomcat:8.0.41
cpe:/a:apache:tomcat:8.0.42
cpe:/a:apache:tomcat:8.0.43
cpe:/a:apache:tomcat:8.0.44
cpe:/a:apache:tomcat:8.0.47
cpe:/a:apache:tomcat:8.0.48
cpe:/a:apache:tomcat:8.0.49
cpe:/a:apache:tomcat:8.5.0
cpe:/a:apache:tomcat:8.5.1
cpe:/a:apache:tomcat:8.5.2
cpe:/a:apache:tomcat:8.5.3
cpe:/a:apache:tomcat:8.5.4
cpe:/a:apache:tomcat:8.5.5
cpe:/a:apache:tomcat:8.5.6
cpe:/a:apache:tomcat:8.5.7
cpe:/a:apache:tomcat:8.5.8
cpe:/a:apache:tomcat:8.5.9
cpe:/a:apache:tomcat:8.5.10
cpe:/a:apache:tomcat:8.5.11
cpe:/a:apache:tomcat:8.5.12
cpe:/a:apache:tomcat:8.5.13
cpe:/a:apache:tomcat:8.5.14
cpe:/a:apache:tomcat:8.5.15
cpe:/a:apache:tomcat:8.5.23
cpe:/a:apache:tomcat:8.5.24
cpe:/a:apache:tomcat:8.5.27
cpe:/a:apache:tomcat:8.5.28
cpe:/a:apache:tomcat:8.5.29
cpe:/a:apache:tomcat:9.0.0:m1
cpe:/a:apache:tomcat:9.0.0:m10
cpe:/a:apache:tomcat:9.0.0:m11
cpe:/a:apache:tomcat:9.0.0:m12
cpe:/a:apache:tomcat:9.0.0:m13
cpe:/a:apache:tomcat:9.0.0:m14
cpe:/a:apache:tomcat:9.0.0:m15
cpe:/a:apache:tomcat:9.0.0:m16
cpe:/a:apache:tomcat:9.0.0:m17
cpe:/a:apache:tomcat:9.0.0:m18
cpe:/a:apache:tomcat:9.0.0:m19
cpe:/a:apache:tomcat:9.0.0:m2
cpe:/a:apache:tomcat:9.0.0:m20
cpe:/a:apache:tomcat:9.0.0:m21
cpe:/a:apache:tomcat:9.0.0:m3
cpe:/a:apache:tomcat:9.0.0:m4
cpe:/a:apache:tomcat:9.0.0:m5
cpe:/a:apache:tomcat:9.0.0:m6
cpe:/a:apache:tomcat:9.0.0:m7
cpe:/a:apache:tomcat:9.0.0:m8
cpe:/a:apache:tomcat:9.0.0:m9
cpe:/a:apache:tomcat:9.0.1
cpe:/a:apache:tomcat:9.0.2
cpe:/a:apache:tomcat:9.0.3
cpe:/a:apache:tomcat:9.0.4
cpe:/a:apache:tomcat:9.0.5
cpe:/a:apache:tomcat:9.0.6
cpe:/a:apache:tomcat:9.0.7
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
cpe:/o:canonical:ubuntu_linux:17.10
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~

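- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8014
(Official data source) NVD

- Other Links and Resources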

http://tomcat.apache.org/security-7.html
(VENDOR_ADVISORY)  CONFIRM  http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
(VENDOR_ADVISORY)  CONFIRM  http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
(VENDOR_ADVISORY)  CONFIRM  http://tomcat.apache.org/security-9.html
http://www.securityfocus.com/bid/104203
(VENDOR_ADVISORY)  BID  104203
http://www.securitytracker.com/id/1040998
(VENDOR_ADVISORY)  SECTRACK  1040998
https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E
(VENDOR_ADVISORY)  CONFIRM  https://lists.apache.org/thread.html/fbfb713e4f8a4c0f81089b89450828011343593800cae3fb629192b1@%3Cannounce.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html
(UNKNOWN)  MLIST  [debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update
https://usn.ubuntu.com/3665-1/
(VENDOR_ADVISORY)  UBUNTU  USN-3665-1

- Vulnerability Information (F147995)

Ubuntu Security Notice USN-3665-1 (PacketStormID:F147995)
2018-05-31 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,web,arbitrary,cgi
linux,ubuntu
CVE-2017-12616,CVE-2017-12617,CVE-2017-15706,CVE-2018-1304,CVE-2018-1305,CVE-2018-8014

Ubuntu Security Notice 3665-1 - It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. It was discovered that Tomcat contained incorrect documentation regarding description of the search algorithm used by the CGI Servlet to identify which script to execute. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

==========================================================================
Ubuntu Security Notice USN-3665-1
May 30, 2018

tomcat7, tomcat8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat8: Servlet and JSP engine
- tomcat7: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled being configured with
HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP
file to the server and execute arbitrary code. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-12616,
CVE-2017-12617)

It was discovered that Tomcat contained incorrect documentation regarding
description of the search algorithm used by the CGI Servlet to identify
which script to execute. This issue only affected Ubuntu 17.10.
(CVE-2017-15706)

It was discovered that Tomcat incorrectly handled an empty string URL
pattern in security constraint definitions. A remote attacker could
possibly use this issue to gain access to web application resources,
contrary to expectations. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1304)

It was discovered that Tomcat incorrectly handled applying certain security
constraints. A remote attacker could possibly access certain resources,
contrary to expectations. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-1305)

It was discovered that the Tomcat CORS filter default settings were
insecure and would enable 'supportsCredentials' for all origins, contrary
to expectations. (CVE-2018-8014)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libtomcat8-java                 8.5.30-1ubuntu1.2
  tomcat8                         8.5.30-1ubuntu1.2

Ubuntu 17.10:
  libtomcat8-java                 8.5.21-1ubuntu1.1
  tomcat8                         8.5.21-1ubuntu1.1

Ubuntu 16.04 LTS:
  libtomcat8-java                 8.0.32-1ubuntu1.6
  tomcat8                         8.0.32-1ubuntu1.6

Ubuntu 14.04 LTS:
  libtomcat7-java                 7.0.52-1ubuntu0.14
  tomcat7                         7.0.52-1ubuntu0.14

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3665-1
  CVE-2017-12616, CVE-2017-12617, CVE-2017-15706, CVE-2018-1304,
  CVE-2018-1305, CVE-2018-8014

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat8/8.5.30-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/tomcat8/8.5.21-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.6
  https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.14

    

- Vulnerability Information

Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
Unknown 104203
Yes No
2018-05-15 12:00:00 2018-05-15 12:00:00
The vendor reported this issue.

- Affected Software Versions

Apache Tomcat 9.0.8
Apache Tomcat 9.0.5
Apache Tomcat 9.0.4
Apache Tomcat 9.0.1
Apache Tomcat 8.5.31
Apache Tomcat 8.5.28
Apache Tomcat 8.5.27
Apache Tomcat 8.5.23
Apache Tomcat 8.5.16
Apache Tomcat 8.5.15
Apache Tomcat 8.5.14
Apache Tomcat 8.5.13
Apache Tomcat 8.5.12
Apache Tomcat 8.5.11
Apache Tomcat 8.5.9
Apache Tomcat 8.5.8
Apache Tomcat 8.5.7
Apache Tomcat 8.5.6
Apache Tomcat 8.5.5
Apache Tomcat 8.5.4
Apache Tomcat 8.5.1
Apache Tomcat 8.0.52
Apache Tomcat 8.0.50
Apache Tomcat 8.0.49
Apache Tomcat 8.0.47
Apache Tomcat 8.0.45
Apache Tomcat 8.0.44
Apache Tomcat 8.0.43
Apache Tomcat 8.0.42
Apache Tomcat 8.0.41
Apache Tomcat 8.0.40
Apache Tomcat 8.0.39
Apache Tomcat 8.0.38
Apache Tomcat 8.0.37
Apache Tomcat 8.0.36
Apache Tomcat 8.0.35
Apache Tomcat 8.0.34
Apache Tomcat 8.0.33
Apache Tomcat 8.0.30
Apache Tomcat 8.0.27
Apache Tomcat 8.0.19
Apache Tomcat 8.0.17
Apache Tomcat 8.0.15
Apache Tomcat 8.0.5
Apache Tomcat 8.0.3
Apache Tomcat 8.0.1
Apache Tomcat 7.0.88
Apache Tomcat 7.0.85
Apache Tomcat 7.0.84
Apache Tomcat 7.0.82
Apache Tomcat 7.0.81
Apache Tomcat 7.0.80
Apache Tomcat 7.0.79
Apache Tomcat 7.0.78
Apache Tomcat 7.0.77
Apache Tomcat 7.0.76
Apache Tomcat 7.0.75
Apache Tomcat 7.0.74
Apache Tomcat 7.0.73
Apache Tomcat 7.0.72
Apache Tomcat 7.0.70
Apache Tomcat 7.0.69
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 7.0.60
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.50
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M7
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M22
Apache Tomcat 9.0.0.M21
Apache Tomcat 9.0.0.M20
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M19
Apache Tomcat 9.0.0.M18
Apache Tomcat 9.0.0.M17
Apache Tomcat 9.0.0.M15
Apache Tomcat 9.0.0.M13
Apache Tomcat 9.0.0.M12
Apache Tomcat 9.0.0.M11
Apache Tomcat 9.0.0.M10
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0
Apache Tomcat 8.0.32
Apache Tomcat 8.0.0.RC1
Apache Tomcat 7.0.68
Apache Tomcat 7.0.55
Apache Tomcat 7.0.49
Apache Tomcat 7.0.48
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41

- Unaffected Software Versions

Apache Tomcat 9.0.9
Apache Tomcat 8.5.32
Apache Tomcat 8.0.53
Apache Tomcat 7.0.89

- Vulnerability Discussion

Apache Tomcat is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

The following products are affected:
Apache Tomcat 9.0.0.M1 through 9.0.8
Apache Tomcat 8.5.0 through 8.5.31
Apache Tomcat 8.0.0.RC1 through 8.0.52
Apache Tomcat 7.0.41 through 7.0.88

- Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.
