CVE-2016-0706

Published on: 02/24/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Certain versions of Tomcat from Apache contain the following vulnerability:

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

  • CVE-2016-0706 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 4.3 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED LOW NONE NONE

CVSS2 Score: 4 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Oracle Solaris Bulletin - April 2016 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
'[security bulletin] HPSBUX03561 rev.1 - HPE HP-UX using Apache Tomcat, Remote Access Restriction Byp' - MARC Third Party Advisory
marc.info
text/html
URL Logo HP HPSBUX03561
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2045
[Apache-SVN] Revision 1722799 Issue Tracking
svn.apache.org
text/html
URL Logo CONFIRM svn.apache.org/viewvc?view=revision&revision=1722799
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2808
Debian -- Security Information -- DSA-3609-1 tomcat8 Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3609
CPU July 2018 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
[security-announce] SUSE-SU-2016:0769-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:0769
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
Oracle Linux Bulletin - October 2016 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Bugtraq: [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass Mailing List
seclists.org
text/html
URL Logo BUGTRAQ 20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass
[security-announce] SUSE-SU-2016:0822-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:0822
Oracle Critical Patch Update - October 2016 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
[Apache-SVN] Revision 1722800 svn.apache.org
text/html
URL Logo CONFIRM svn.apache.org/viewvc?view=revision&revision=1722800
[security-announce] openSUSE-SU-2016:0865-1: important: Security update lists.opensuse.org
text/html
URL Logo SUSE openSUSE-SU-2016:0865
February 2016 Apache Tomcat Vulnerabilities in NetApp Products | NetApp Product Security security.netapp.com
text/html
URL Logo CONFIRM security.netapp.com/advisory/ntap-20180531-0001/
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
Red Hat Customer Portal access.redhat.com
text/html
URL Logo REDHAT RHSA-2016:1087
Document Display | HPE Support Center Third Party Advisory
h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
Document Display | HPE Support Center Third Party Advisory
h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2807
Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability cve.report (archive)
text/html
URL Logo BID 83324
USN-3024-1: Tomcat vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
URL Logo UBUNTU USN-3024-1
Debian -- Security Information -- DSA-3530-1 tomcat6 Mailing List
Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3530
[Apache-SVN] Revision 1722801 Issue Tracking
svn.apache.org
text/html
URL Logo CONFIRM svn.apache.org/viewvc?view=revision&revision=1722801
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2599
No Description Provided rhn.redhat.com

Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1089
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Broadcom Support Portal bto.bluecoat.com
text/html
URL Logo CONFIRM bto.bluecoat.com/security-advisory/sa118
Document Display | HPE Support Center Vendor Advisory
h20566.www2.hpe.com
text/html
URL Logo CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
[security-announce] SUSE-SU-2016:0839-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:0839
Apache Tomcat® - Apache Tomcat 7 vulnerabilities Vendor Advisory
tomcat.apache.org
text/html
URL Logo CONFIRM tomcat.apache.org/security-7.html
Apache Tomcat® - Apache Tomcat 8 vulnerabilities Vendor Advisory
tomcat.apache.org
text/html
URL Logo CONFIRM tomcat.apache.org/security-8.html
Apache Tomcat Bugs Let Remote Users Bypass Security Restrictions, Hijack Sessions, and Obtain Potentially Sensitive Information - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1035069
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
Apache Tomcat: Multiple vulnerabilities (GLSA 201705-09) — Gentoo Security security.gentoo.org
text/html
URL Logo GENTOO GLSA-201705-09
Pony Mail! lists.apache.org
text/html
URL Logo MLIST [tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
Red Hat Customer Portal access.redhat.com
text/html
URL Logo REDHAT RHSA-2016:1088
[Apache-SVN] Revision 1722802 Issue Tracking
svn.apache.org
text/html
URL Logo CONFIRM svn.apache.org/viewvc?view=revision&revision=1722802
Oracle Critical Patch Update - October 2017 www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Apache Tomcat - Apache Tomcat 8 vulnerabilities Vendor Advisory
tomcat.apache.org
text/html
URL Logo CONFIRM tomcat.apache.org/security-9.html
Debian -- Security Information -- DSA-3552-1 tomcat7 Third Party Advisory
www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3552
Apache Tomcat® - Apache Tomcat 6 vulnerabilities Vendor Advisory
tomcat.apache.org
text/html
URL Logo CONFIRM tomcat.apache.org/security-6.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationApacheTomcat6.0.0AllAllAll
ApplicationApacheTomcat6.0.0alphaAllAll
ApplicationApacheTomcat6.0.1AllAllAll
ApplicationApacheTomcat6.0.1alphaAllAll
ApplicationApacheTomcat6.0.10AllAllAll
ApplicationApacheTomcat6.0.11AllAllAll
ApplicationApacheTomcat6.0.13AllAllAll
ApplicationApacheTomcat6.0.14AllAllAll
ApplicationApacheTomcat6.0.16AllAllAll
ApplicationApacheTomcat6.0.18AllAllAll
ApplicationApacheTomcat6.0.2AllAllAll
ApplicationApacheTomcat6.0.2alphaAllAll
ApplicationApacheTomcat6.0.2betaAllAll
ApplicationApacheTomcat6.0.20AllAllAll
ApplicationApacheTomcat6.0.24AllAllAll
ApplicationApacheTomcat6.0.26AllAllAll
ApplicationApacheTomcat6.0.28AllAllAll
ApplicationApacheTomcat6.0.29AllAllAll
ApplicationApacheTomcat6.0.30AllAllAll
ApplicationApacheTomcat6.0.32AllAllAll
ApplicationApacheTomcat6.0.33AllAllAll
ApplicationApacheTomcat6.0.35AllAllAll
ApplicationApacheTomcat6.0.36AllAllAll
ApplicationApacheTomcat6.0.37AllAllAll
ApplicationApacheTomcat6.0.39AllAllAll
ApplicationApacheTomcat6.0.4AllAllAll
ApplicationApacheTomcat6.0.4alphaAllAll
ApplicationApacheTomcat6.0.41AllAllAll
ApplicationApacheTomcat6.0.43AllAllAll
ApplicationApacheTomcat6.0.44AllAllAll
ApplicationApacheTomcat7.0.0betaAllAll
ApplicationApacheTomcat7.0.10AllAllAll
ApplicationApacheTomcat7.0.11AllAllAll
ApplicationApacheTomcat7.0.12AllAllAll
ApplicationApacheTomcat7.0.14AllAllAll
ApplicationApacheTomcat7.0.16AllAllAll
ApplicationApacheTomcat7.0.19AllAllAll
ApplicationApacheTomcat7.0.2betaAllAll
ApplicationApacheTomcat7.0.20AllAllAll
ApplicationApacheTomcat7.0.21AllAllAll
ApplicationApacheTomcat7.0.22AllAllAll
ApplicationApacheTomcat7.0.23AllAllAll
ApplicationApacheTomcat7.0.25AllAllAll
ApplicationApacheTomcat7.0.26AllAllAll
ApplicationApacheTomcat7.0.27AllAllAll
ApplicationApacheTomcat7.0.28AllAllAll
ApplicationApacheTomcat7.0.29AllAllAll
ApplicationApacheTomcat7.0.30AllAllAll
ApplicationApacheTomcat7.0.32AllAllAll
ApplicationApacheTomcat7.0.33AllAllAll
ApplicationApacheTomcat7.0.34AllAllAll
ApplicationApacheTomcat7.0.35AllAllAll
ApplicationApacheTomcat7.0.37AllAllAll
ApplicationApacheTomcat7.0.39AllAllAll
ApplicationApacheTomcat7.0.4betaAllAll
ApplicationApacheTomcat7.0.40AllAllAll
ApplicationApacheTomcat7.0.41AllAllAll
ApplicationApacheTomcat7.0.42AllAllAll
ApplicationApacheTomcat7.0.47AllAllAll
ApplicationApacheTomcat7.0.5betaAllAll
ApplicationApacheTomcat7.0.50AllAllAll
ApplicationApacheTomcat7.0.52AllAllAll
ApplicationApacheTomcat7.0.53AllAllAll
ApplicationApacheTomcat7.0.54AllAllAll
ApplicationApacheTomcat7.0.55AllAllAll
ApplicationApacheTomcat7.0.56AllAllAll
ApplicationApacheTomcat7.0.57AllAllAll
ApplicationApacheTomcat7.0.59AllAllAll
ApplicationApacheTomcat7.0.6AllAllAll
ApplicationApacheTomcat7.0.61AllAllAll
ApplicationApacheTomcat7.0.62AllAllAll
ApplicationApacheTomcat7.0.63AllAllAll
ApplicationApacheTomcat7.0.64AllAllAll
ApplicationApacheTomcat7.0.65AllAllAll
ApplicationApacheTomcat7.0.67AllAllAll
ApplicationApacheTomcat8.0.0rc1AllAll
ApplicationApacheTomcat8.0.0rc10AllAll
ApplicationApacheTomcat8.0.0rc3AllAll
ApplicationApacheTomcat8.0.0rc5AllAll
ApplicationApacheTomcat8.0.1AllAllAll
ApplicationApacheTomcat8.0.11AllAllAll
ApplicationApacheTomcat8.0.12AllAllAll
ApplicationApacheTomcat8.0.14AllAllAll
ApplicationApacheTomcat8.0.15AllAllAll
ApplicationApacheTomcat8.0.17AllAllAll
ApplicationApacheTomcat8.0.18AllAllAll
ApplicationApacheTomcat8.0.20AllAllAll
ApplicationApacheTomcat8.0.21AllAllAll
ApplicationApacheTomcat8.0.22AllAllAll
ApplicationApacheTomcat8.0.23AllAllAll
ApplicationApacheTomcat8.0.24AllAllAll
ApplicationApacheTomcat8.0.26AllAllAll
ApplicationApacheTomcat8.0.27AllAllAll
ApplicationApacheTomcat8.0.28AllAllAll
ApplicationApacheTomcat8.0.29AllAllAll
ApplicationApacheTomcat8.0.3AllAllAll
ApplicationApacheTomcat8.0.30AllAllAll
ApplicationApacheTomcat9.0.0m1AllAll
ApplicationApacheTomcat6.0.0AllAllAll
ApplicationApacheTomcat6.0.0alphaAllAll
ApplicationApacheTomcat6.0.1AllAllAll
ApplicationApacheTomcat6.0.1alphaAllAll
ApplicationApacheTomcat6.0.10AllAllAll
ApplicationApacheTomcat6.0.11AllAllAll
ApplicationApacheTomcat6.0.13AllAllAll
ApplicationApacheTomcat6.0.14AllAllAll
ApplicationApacheTomcat6.0.16AllAllAll
ApplicationApacheTomcat6.0.18AllAllAll
ApplicationApacheTomcat6.0.2AllAllAll
ApplicationApacheTomcat6.0.2alphaAllAll
ApplicationApacheTomcat6.0.2betaAllAll
ApplicationApacheTomcat6.0.20AllAllAll
ApplicationApacheTomcat6.0.24AllAllAll
ApplicationApacheTomcat6.0.26AllAllAll
ApplicationApacheTomcat6.0.28AllAllAll
ApplicationApacheTomcat6.0.29AllAllAll
ApplicationApacheTomcat6.0.30AllAllAll
ApplicationApacheTomcat6.0.32AllAllAll
ApplicationApacheTomcat6.0.33AllAllAll
ApplicationApacheTomcat6.0.35AllAllAll
ApplicationApacheTomcat6.0.36AllAllAll
ApplicationApacheTomcat6.0.37AllAllAll
ApplicationApacheTomcat6.0.39AllAllAll
ApplicationApacheTomcat6.0.4AllAllAll
ApplicationApacheTomcat6.0.4alphaAllAll
ApplicationApacheTomcat6.0.41AllAllAll
ApplicationApacheTomcat6.0.43AllAllAll
ApplicationApacheTomcat6.0.44AllAllAll
ApplicationApacheTomcat7.0.0betaAllAll
ApplicationApacheTomcat7.0.10AllAllAll
ApplicationApacheTomcat7.0.11AllAllAll
ApplicationApacheTomcat7.0.12AllAllAll
ApplicationApacheTomcat7.0.14AllAllAll
ApplicationApacheTomcat7.0.16AllAllAll
ApplicationApacheTomcat7.0.19AllAllAll
ApplicationApacheTomcat7.0.2betaAllAll
ApplicationApacheTomcat7.0.20AllAllAll
ApplicationApacheTomcat7.0.21AllAllAll
ApplicationApacheTomcat7.0.22AllAllAll
ApplicationApacheTomcat7.0.23AllAllAll
ApplicationApacheTomcat7.0.25AllAllAll
ApplicationApacheTomcat7.0.26AllAllAll
ApplicationApacheTomcat7.0.27AllAllAll
ApplicationApacheTomcat7.0.28AllAllAll
ApplicationApacheTomcat7.0.29AllAllAll
ApplicationApacheTomcat7.0.30AllAllAll
ApplicationApacheTomcat7.0.32AllAllAll
ApplicationApacheTomcat7.0.33AllAllAll
ApplicationApacheTomcat7.0.34AllAllAll
ApplicationApacheTomcat7.0.35AllAllAll
ApplicationApacheTomcat7.0.37AllAllAll
ApplicationApacheTomcat7.0.39AllAllAll
ApplicationApacheTomcat7.0.4betaAllAll
ApplicationApacheTomcat7.0.40AllAllAll
ApplicationApacheTomcat7.0.41AllAllAll
ApplicationApacheTomcat7.0.42AllAllAll
ApplicationApacheTomcat7.0.47AllAllAll
ApplicationApacheTomcat7.0.5betaAllAll
ApplicationApacheTomcat7.0.50AllAllAll
ApplicationApacheTomcat7.0.52AllAllAll
ApplicationApacheTomcat7.0.53AllAllAll
ApplicationApacheTomcat7.0.54AllAllAll
ApplicationApacheTomcat7.0.55AllAllAll
ApplicationApacheTomcat7.0.56AllAllAll
ApplicationApacheTomcat7.0.57AllAllAll
ApplicationApacheTomcat7.0.59AllAllAll
ApplicationApacheTomcat7.0.6AllAllAll
ApplicationApacheTomcat7.0.61AllAllAll
ApplicationApacheTomcat7.0.62AllAllAll
ApplicationApacheTomcat7.0.63AllAllAll
ApplicationApacheTomcat7.0.64AllAllAll
ApplicationApacheTomcat7.0.65AllAllAll
ApplicationApacheTomcat7.0.67AllAllAll
ApplicationApacheTomcat8.0.0rc1AllAll
ApplicationApacheTomcat8.0.0rc10AllAll
ApplicationApacheTomcat8.0.0rc3AllAll
ApplicationApacheTomcat8.0.0rc5AllAll
ApplicationApacheTomcat8.0.1AllAllAll
ApplicationApacheTomcat8.0.11AllAllAll
ApplicationApacheTomcat8.0.12AllAllAll
ApplicationApacheTomcat8.0.14AllAllAll
ApplicationApacheTomcat8.0.15AllAllAll
ApplicationApacheTomcat8.0.17AllAllAll
ApplicationApacheTomcat8.0.18AllAllAll
ApplicationApacheTomcat8.0.20AllAllAll
ApplicationApacheTomcat8.0.21AllAllAll
ApplicationApacheTomcat8.0.22AllAllAll
ApplicationApacheTomcat8.0.23AllAllAll
ApplicationApacheTomcat8.0.24AllAllAll
ApplicationApacheTomcat8.0.26AllAllAll
ApplicationApacheTomcat8.0.27AllAllAll
ApplicationApacheTomcat8.0.28AllAllAll
ApplicationApacheTomcat8.0.29AllAllAll
ApplicationApacheTomcat8.0.3AllAllAll
ApplicationApacheTomcat8.0.30AllAllAll
ApplicationApacheTomcat9.0.0m1AllAll
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux14.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.10AllAllAll
Operating
System
CanonicalUbuntu Linux16.04AllAllAll
Operating
System
CanonicalUbuntu Linux12.04AllAllAll
Operating
System
CanonicalUbuntu Linux14.04AllAllAll
Operating
System
CanonicalUbuntu Linux15.10AllAllAll
Operating
System
CanonicalUbuntu Linux16.04AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
  • cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*: