suse · CVE-2018-1305

Quick triage

Priority: medium Published: 2021-05-30 14:07:04 UTC Updated: 2025-04-07 23:50:55 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-1305 severity moderate: SUSE including 66 source package names (tomcat, tomcat-7.0.76-9.el7, …), 292 product×package rows across 38 product lines (SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7, … (38 product lines)): Known Not Affected 174, Fixed 118.

Description:

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.

cvelogic Threat Intelligence