CVE-2018-8014 vulnerability in Apache and Other Products
Published on May 16, 2018
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
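A check for the condition described above, as an added example that is not part of the advisory or of Tomcat: it parses a `web.xml` deployment descriptor and reports each `CorsFilter` declaration that, on an affected version, ends up supporting credentials for all origins. The init-param names `cors.allowed.origins` and `cors.support.credentials` are the filter's documented parameters; the function names, the sample descriptors and the origin `https://app.example.com` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CORS_FILTER = "org.apache.catalina.filters.CorsFilter"
# Defaults in the affected versions as the advisory describes them:
# credentials supported, every origin allowed.
AFFECTED_DEFAULTS = {"cors.allowed.origins": "*", "cors.support.credentials": "true"}

def _local(tag):
    """Strip an XML namespace prefix such as {http://...}filter."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_web_xml(xml_text):
    """Return (filter-name, [parameters left to the default]) for every
    CorsFilter whose effective settings allow credentials for all origins."""
    findings = []
    for flt in ET.fromstring(xml_text).iter():
        if _local(flt.tag) != "filter" or _child_text(flt, "filter-class") != CORS_FILTER:
            continue
        explicit = {_child_text(p, "param-name"): _child_text(p, "param-value")
                    for p in flt if _local(p.tag) == "init-param"}
        effective = {**AFFECTED_DEFAULTS, **explicit}
        if (effective["cors.allowed.origins"] == "*"
                and effective["cors.support.credentials"].lower() == "true"):
            inherited = sorted(k for k in AFFECTED_DEFAULTS if k not in explicit)
            findings.append((_child_text(flt, "filter-name"), inherited))
    return findings

# Constructed sample descriptors: one relying on defaults, one configured explicitly.
_HEAD = ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1"><filter>'
         "<filter-name>CorsFilter</filter-name>"
         "<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>")
_TAIL = "</filter></web-app>"
DEFAULT_CONFIG = _HEAD + _TAIL
HARDENED_CONFIG = (_HEAD +
    "<init-param><param-name>cors.allowed.origins</param-name>"
    "<param-value>https://app.example.com</param-value></init-param>"
    "<init-param><param-name>cors.support.credentials</param-name>"
    "<param-value>true</param-value></init-param>" + _TAIL)

if __name__ == "__main__":
    for label, doc in (("default", DEFAULT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_web_xml(doc))
```

The check models the defaults of the affected versions only, so a finding on a descriptor deployed to a later Tomcat release needs to be confirmed against that release's defaults.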
Vendor Advisory
NVD
Products Associated with CVE-2018-8014
Affected Versions
Apache Software Foundation Apache Tomcat:
- Version 9.0.0.M1 to 9.0.8 is affected.
- Version 8.5.0 to 8.5.31 is affected.
- Version 8.0.0.RC1 to 8.0.52 is affected.
- Version 7.0.41 to 7.0.88 is affected.
Exploit Probability
EPSS: 48.79%
Percentile: 97.69%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.