Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-11680

CVE-2018-1336 / CVE-2018-8014 - Apache Tomcat

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 6.7
    • Fix Version/s: 6.7.7, 7.7
    • Component/s: None
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      A customer has reported that a security scan flagged Apache Tomcat 8.5.23 as being vulnerable to the following CVEs

      • Denial Of Service Overflow (CVE-2018-1336 fixed in 8.5.31)
      • Default settings for the CORS filter (CVE-2018-8014 fixed in 8.5.32)
        Apache Tomcat 8.5.23 is used in both SonarQube 6.7.6 LTS and SonarQube 7.6

      The latest version of Apache Tomcat 8.5.x is 8.5.34. Apache does a good job noting vulnerability fixes here, and looks like there are a few other CVEs that have been addressed.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              simon.brandhof Simon Brandhof (Inactive)
              Reporter:
              lars.svensson Lars Svensson (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: