The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
History
08 Dec 2023, 16:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:* | |
References |
|
|
Information
Published : 2018-05-16 16:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-8014
Mitre link : CVE-2018-8014
CVE.ORG link : CVE-2018-8014
JSON object : View
Products Affected
netapp
- oncommand_unified_manager
- snapcenter_server
- oncommand_workflow_automation
- oncommand_insight
- storage_automation_store
microsoft
- windows
canonical
- ubuntu_linux
apache
- tomcat
debian
- debian_linux
CWE
CWE-1188
Insecure Default Initialization of Resource