{"cve_id":"CVE-2020-1938","summary":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","cvss":9.8,"cvss_version":3.0,"cvss_v2":7.5,"cvss_v3":9.8,"epss":0.94469,"ranking_epss":0.99997,"kev":true,"propose_action":"Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.","ransomware_campaign":"Unknown","references":["http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","http://support.blackberry.com/kb/articleDetail?articleNumber=000062739","https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E","https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/","https://security.gentoo.org/glsa/202003-43","https://security.netapp.com/advisory/ntap-20200226-0002/","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html","http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html","http://support.blackberry.com/kb/articleDetail?articleNumber=000062739","https://lists.apache.org/thread.html/r089dc67c0358a1556dd279c762c74f32d7a254a54836b7ee2d839d8e%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r17aaa3a05b5b7fe9075613dd0c681efa60a4f8c8fbad152c61371b6e%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r38a5b7943b9a62ecb853acc22ef08ff586a7b3c66e08f949f0396ab1%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r43faacf64570b1d9a4bada407a5af3b2738b0c007b905f1b6b608c65%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r47caef01f663106c2bb81d116b8380d62beac9e543dd3f3bc2c2beda%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r4afa11e0464408e68f0e9560e90b185749363a66398b1491254f7864%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r4f86cb260196e5cfcbbe782822c225ddcc70f54560f14a8f11c6926f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r549b43509e387a42656f0641fa311bf27c127c244fe02007d5b8d6f6%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r57f5e4ced436ace518a9e222fabe27fb785f09f5bf974814cc48ca97%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r5e2f1201b92ee05a0527cfc076a81ea0c270be299b87895c0ddbe02b%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r61f280a76902b594692f0b24a1dbf647bb5a4c197b9395e9a6796e7c%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r6a5633cad1b560a1e51f5b425f02918bdf30e090fdf18c5f7c2617eb%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/r74328b178f9f37fe759dffbc9c1f2793e66d79d7a8a20d3836551794%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r772335e6851ad33ddb076218fa4ff70de1bf398d5b43e2ddf0130e5d%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E","https://lists.apache.org/thread.html/r856cdd87eda7af40b50278d6de80ee4b42d63adeb433a34a7bdaf9db%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r8f7484589454638af527182ae55ef5b628ba00c05c5b11887c922fb1%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","https://lists.apache.org/thread.html/r92d78655c068d0bc991d1edbdfb24f9c5134603e647cade1113d4e0a%40%3Cusers.tomee.apache.org%3E","https://lists.apache.org/thread.html/r9f119d9ce9239114022e13dbfe385b3de7c972f24f05d6dbd35c1a2f%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/ra7092f7492569b39b04ec0decf52628ba86c51f15efb38f5853e2760%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rad36ec6a1ffc9e43266b030c22ceeea569243555d34fb4187ff08522%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rb2fc890bef23cbc7f343900005fe1edd3b091cf18dada455580258f9%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rbdb1d2b651a3728f0ceba9e0853575b6f90296a94a71836a15f7364a%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rc068e824654c4b8bd4f2490bec869e29edbfcd5dfe02d47cbf7433b2%40%3Cdev.tomee.apache.org%3E","https://lists.apache.org/thread.html/rcd5cd301e9e7e39f939baf2f5d58704750be07a5e2d3393e40ca7194%40%3Ccommits.tomee.apache.org%3E","https://lists.apache.org/thread.html/rce2af55f6e144ffcdc025f997eddceb315dfbc0b230e3d750a7f7425%40%3Cnotifications.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rd0774c95699d5aeb5e16e9a600fb2ea296e81175e30a62094e27e3e7%40%3Ccommits.ofbiz.apache.org%3E","https://lists.apache.org/thread.html/rd50baccd1bbb96c2327d5a8caa25a49692b3d68d96915bd1cfbb9f8b%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/re5eecbe5bf967439bafeeaa85987b3a43f0e6efe06b6976ee768cde2%40%3Cusers.tomcat.apache.org%3E","https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","https://lists.apache.org/thread.html/rf26663f42e7f1a1d1cac732469fb5e92c89908a48b61ec546dbb79ca%40%3Cbugs.httpd.apache.org%3E","https://lists.apache.org/thread.html/rf992c5adf376294af31378a70aa8a158388a41d7039668821be28df3%40%3Ccommits.tomee.apache.org%3E","https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html","https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XFLQB3O5QVP4ZBIPVIXBEZV7F2R7ZMS/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3IPNHCKFVUKSHDTM45UL4Q765EHHTFG/","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L46WJIV6UV3FWA5O5YEY6XLA73RYD53B/","https://security.gentoo.org/glsa/202003-43","https://security.netapp.com/advisory/ntap-20200226-0002/","https://www.debian.org/security/2020/dsa-4673","https://www.debian.org/security/2020/dsa-4680","https://www.oracle.com/security-alerts/cpujan2021.html","https://www.oracle.com/security-alerts/cpujul2020.html","https://www.oracle.com/security-alerts/cpuoct2020.html","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1938"],"published_time":"2020-02-24T22:15:12","cpes":["cpe:2.3:a:apache:geode:1.12.0","cpe:2.3:a:apache:tomcat:7.0.0","cpe:2.3:a:apache:tomcat:7.0.1","cpe:2.3:a:apache:tomcat:7.0.10","cpe:2.3:a:apache:tomcat:7.0.11","cpe:2.3:a:apache:tomcat:7.0.12","cpe:2.3:a:apache:tomcat:7.0.13","cpe:2.3:a:apache:tomcat:7.0.14","cpe:2.3:a:apache:tomcat:7.0.15","cpe:2.3:a:apache:tomcat:7.0.16","cpe:2.3:a:apache:tomcat:7.0.17","cpe:2.3:a:apache:tomcat:7.0.18","cpe:2.3:a:apache:tomcat:7.0.19","cpe:2.3:a:apache:tomcat:7.0.2","cpe:2.3:a:apache:tomcat:7.0.20","cpe:2.3:a:apache:tomcat:7.0.21","cpe:2.3:a:apache:tomcat:7.0.22","cpe:2.3:a:apache:tomcat:7.0.23","cpe:2.3:a:apache:tomcat:7.0.24","cpe:2.3:a:apache:tomcat:7.0.25","cpe:2.3:a:apache:tomcat:7.0.26","cpe:2.3:a:apache:tomcat:7.0.27","cpe:2.3:a:apache:tomcat:7.0.28","cpe:2.3:a:apache:tomcat:7.0.29","cpe:2.3:a:apache:tomcat:7.0.3","cpe:2.3:a:apache:tomcat:7.0.30","cpe:2.3:a:apache:tomcat:7.0.31","cpe:2.3:a:apache:tomcat:7.0.32","cpe:2.3:a:apache:tomcat:7.0.33","cpe:2.3:a:apache:tomcat:7.0.34","cpe:2.3:a:apache:tomcat:7.0.35","cpe:2.3:a:apache:tomcat:7.0.36","cpe:2.3:a:apache:tomcat:7.0.37","cpe:2.3:a:apache:tomcat:7.0.38","cpe:2.3:a:apache:tomcat:7.0.39","cpe:2.3:a:apache:tomcat:7.0.4","cpe:2.3:a:apache:tomcat:7.0.40","cpe:2.3:a:apache:tomcat:7.0.41","cpe:2.3:a:apache:tomcat:7.0.42","cpe:2.3:a:apache:tomcat:7.0.43","cpe:2.3:a:apache:tomcat:7.0.44","cpe:2.3:a:apache:tomcat:7.0.45","cpe:2.3:a:apache:tomcat:7.0.46","cpe:2.3:a:apache:tomcat:7.0.47","cpe:2.3:a:apache:tomcat:7.0.48","cpe:2.3:a:apache:tomcat:7.0.49","cpe:2.3:a:apache:tomcat:7.0.5","cpe:2.3:a:apache:tomcat:7.0.50","cpe:2.3:a:apache:tomcat:7.0.51","cpe:2.3:a:apache:tomcat:7.0.52","cpe:2.3:a:apache:tomcat:7.0.53","cpe:2.3:a:apache:tomcat:7.0.54","cpe:2.3:a:apache:tomcat:7.0.55","cpe:2.3:a:apache:tomcat:7.0.56","cpe:2.3:a:apache:tomcat:7.0.57","cpe:2.3:a:apache:tomcat:7.0.58","cpe:2.3:a:apache:tomcat:7.0.59","cpe:2.3:a:apache:tomcat:7.0.6","cpe:2.3:a:apache:tomcat:7.0.60","cpe:2.3:a:apache:tomcat:7.0.61","cpe:2.3:a:apache:tomcat:7.0.62","cpe:2.3:a:apache:tomcat:7.0.63","cpe:2.3:a:apache:tomcat:7.0.64","cpe:2.3:a:apache:tomcat:7.0.65","cpe:2.3:a:apache:tomcat:7.0.66","cpe:2.3:a:apache:tomcat:7.0.67","cpe:2.3:a:apache:tomcat:7.0.68","cpe:2.3:a:apache:tomcat:7.0.69","cpe:2.3:a:apache:tomcat:7.0.7","cpe:2.3:a:apache:tomcat:7.0.70","cpe:2.3:a:apache:tomcat:7.0.71","cpe:2.3:a:apache:tomcat:7.0.72","cpe:2.3:a:apache:tomcat:7.0.73","cpe:2.3:a:apache:tomcat:7.0.74","cpe:2.3:a:apache:tomcat:7.0.75","cpe:2.3:a:apache:tomcat:7.0.76","cpe:2.3:a:apache:tomcat:7.0.77","cpe:2.3:a:apache:tomcat:7.0.78","cpe:2.3:a:apache:tomcat:7.0.79","cpe:2.3:a:apache:tomcat:7.0.8","cpe:2.3:a:apache:tomcat:7.0.80","cpe:2.3:a:apache:tomcat:7.0.81","cpe:2.3:a:apache:tomcat:7.0.82","cpe:2.3:a:apache:tomcat:7.0.83","cpe:2.3:a:apache:tomcat:7.0.84","cpe:2.3:a:apache:tomcat:7.0.85","cpe:2.3:a:apache:tomcat:7.0.86","cpe:2.3:a:apache:tomcat:7.0.87","cpe:2.3:a:apache:tomcat:7.0.88","cpe:2.3:a:apache:tomcat:7.0.89","cpe:2.3:a:apache:tomcat:7.0.9","cpe:2.3:a:apache:tomcat:7.0.90","cpe:2.3:a:apache:tomcat:7.0.91","cpe:2.3:a:apache:tomcat:7.0.92","cpe:2.3:a:apache:tomcat:7.0.93","cpe:2.3:a:apache:tomcat:7.0.94","cpe:2.3:a:apache:tomcat:7.0.95","cpe:2.3:a:apache:tomcat:7.0.96","cpe:2.3:a:apache:tomcat:7.0.97","cpe:2.3:a:apache:tomcat:7.0.98","cpe:2.3:a:apache:tomcat:7.0.99","cpe:2.3:a:apache:tomcat:8.5.0","cpe:2.3:a:apache:tomcat:8.5.1","cpe:2.3:a:apache:tomcat:8.5.10","cpe:2.3:a:apache:tomcat:8.5.11","cpe:2.3:a:apache:tomcat:8.5.12","cpe:2.3:a:apache:tomcat:8.5.13","cpe:2.3:a:apache:tomcat:8.5.14","cpe:2.3:a:apache:tomcat:8.5.15","cpe:2.3:a:apache:tomcat:8.5.16","cpe:2.3:a:apache:tomcat:8.5.17","cpe:2.3:a:apache:tomcat:8.5.18","cpe:2.3:a:apache:tomcat:8.5.19","cpe:2.3:a:apache:tomcat:8.5.2","cpe:2.3:a:apache:tomcat:8.5.20","cpe:2.3:a:apache:tomcat:8.5.21","cpe:2.3:a:apache:tomcat:8.5.22","cpe:2.3:a:apache:tomcat:8.5.23","cpe:2.3:a:apache:tomcat:8.5.24","cpe:2.3:a:apache:tomcat:8.5.25","cpe:2.3:a:apache:tomcat:8.5.26","cpe:2.3:a:apache:tomcat:8.5.27","cpe:2.3:a:apache:tomcat:8.5.28","cpe:2.3:a:apache:tomcat:8.5.29","cpe:2.3:a:apache:tomcat:8.5.3","cpe:2.3:a:apache:tomcat:8.5.30","cpe:2.3:a:apache:tomcat:8.5.31","cpe:2.3:a:apache:tomcat:8.5.32","cpe:2.3:a:apache:tomcat:8.5.33","cpe:2.3:a:apache:tomcat:8.5.34","cpe:2.3:a:apache:tomcat:8.5.35","cpe:2.3:a:apache:tomcat:8.5.36","cpe:2.3:a:apache:tomcat:8.5.37","cpe:2.3:a:apache:tomcat:8.5.38","cpe:2.3:a:apache:tomcat:8.5.39","cpe:2.3:a:apache:tomcat:8.5.4","cpe:2.3:a:apache:tomcat:8.5.40","cpe:2.3:a:apache:tomcat:8.5.41","cpe:2.3:a:apache:tomcat:8.5.42","cpe:2.3:a:apache:tomcat:8.5.43","cpe:2.3:a:apache:tomcat:8.5.44","cpe:2.3:a:apache:tomcat:8.5.45","cpe:2.3:a:apache:tomcat:8.5.46","cpe:2.3:a:apache:tomcat:8.5.47","cpe:2.3:a:apache:tomcat:8.5.48","cpe:2.3:a:apache:tomcat:8.5.49","cpe:2.3:a:apache:tomcat:8.5.5","cpe:2.3:a:apache:tomcat:8.5.50","cpe:2.3:a:apache:tomcat:8.5.6","cpe:2.3:a:apache:tomcat:8.5.7","cpe:2.3:a:apache:tomcat:8.5.8","cpe:2.3:a:apache:tomcat:8.5.9","cpe:2.3:a:apache:tomcat:9.0.0","cpe:2.3:a:apache:tomcat:9.0.1","cpe:2.3:a:apache:tomcat:9.0.10","cpe:2.3:a:apache:tomcat:9.0.11","cpe:2.3:a:apache:tomcat:9.0.12","cpe:2.3:a:apache:tomcat:9.0.13","cpe:2.3:a:apache:tomcat:9.0.14","cpe:2.3:a:apache:tomcat:9.0.15","cpe:2.3:a:apache:tomcat:9.0.16","cpe:2.3:a:apache:tomcat:9.0.17","cpe:2.3:a:apache:tomcat:9.0.18","cpe:2.3:a:apache:tomcat:9.0.19","cpe:2.3:a:apache:tomcat:9.0.2","cpe:2.3:a:apache:tomcat:9.0.20","cpe:2.3:a:apache:tomcat:9.0.21","cpe:2.3:a:apache:tomcat:9.0.22","cpe:2.3:a:apache:tomcat:9.0.23","cpe:2.3:a:apache:tomcat:9.0.24","cpe:2.3:a:apache:tomcat:9.0.25","cpe:2.3:a:apache:tomcat:9.0.26","cpe:2.3:a:apache:tomcat:9.0.27","cpe:2.3:a:apache:tomcat:9.0.28","cpe:2.3:a:apache:tomcat:9.0.29","cpe:2.3:a:apache:tomcat:9.0.3","cpe:2.3:a:apache:tomcat:9.0.30","cpe:2.3:a:apache:tomcat:9.0.4","cpe:2.3:a:apache:tomcat:9.0.5","cpe:2.3:a:apache:tomcat:9.0.6","cpe:2.3:a:apache:tomcat:9.0.7","cpe:2.3:a:apache:tomcat:9.0.8","cpe:2.3:a:apache:tomcat:9.0.9","cpe:2.3:a:blackberry:good_control:-","cpe:2.3:a:blackberry:good_control:5.2.58.38","cpe:2.3:a:blackberry:workspaces_server:7.0.1","cpe:2.3:a:blackberry:workspaces_server:7.1.2","cpe:2.3:a:blackberry:workspaces_server:8.1.0","cpe:2.3:a:blackberry:workspaces_server:9.0","cpe:2.3:a:netapp:data_availability_services:-","cpe:2.3:a:netapp:oncommand_system_manager:3.0.0","cpe:2.3:a:netapp:oncommand_system_manager:3.1","cpe:2.3:a:netapp:oncommand_system_manager:3.1.1","cpe:2.3:a:netapp:oncommand_system_manager:3.1.2","cpe:2.3:a:netapp:oncommand_system_manager:3.1.3","cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0","cpe:2.3:a:oracle:agile_plm:9.3.3","cpe:2.3:a:oracle:agile_plm:9.3.5","cpe:2.3:a:oracle:agile_plm:9.3.6","cpe:2.3:a:oracle:communications_element_manager:8.1.1","cpe:2.3:a:oracle:communications_element_manager:8.2.0","cpe:2.3:a:oracle:communications_element_manager:8.2.1","cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0","cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.2","cpe:2.3:a:oracle:health_sciences_empirica_signal:7.3.3","cpe:2.3:a:oracle:hospitality_guest_access:4.2.0","cpe:2.3:a:oracle:hospitality_guest_access:4.2.1","cpe:2.3:a:oracle:instantis_enterprisetrack:17.1","cpe:2.3:a:oracle:instantis_enterprisetrack:17.2","cpe:2.3:a:oracle:instantis_enterprisetrack:17.3","cpe:2.3:a:oracle:mysql_enterprise_monitor:-","cpe:2.3:a:oracle:mysql_enterprise_monitor:2.3.14","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.25","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.0.4","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.0","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.1","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.2","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.3.7856","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.4","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.5","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.6.8003","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.1.7","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.0","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.10","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.1182","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.2","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.3","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.4","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.5","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.6","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.7","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.8.2223","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.2.9","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.0","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.1","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.2.1162","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.3","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.4.3247","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.5","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.6.3293","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.7","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.8","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.3.9","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.0","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.1","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.10","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.2.4181","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.3","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.4.4226","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.5","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.6","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.7.4297","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.8","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9","cpe:2.3:a:oracle:mysql_enterprise_monitor:3.4.9.4237","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.0.5135","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.1","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.11.5331","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.2","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.3","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.4.5235","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.5","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.6.5281","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.7","cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.8","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.0.8131","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.1","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.14","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.18.1217","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.2.8191","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20","cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.3","cpe:2.3:a:oracle:siebel_ui_framework:-","cpe:2.3:a:oracle:siebel_ui_framework:16.0","cpe:2.3:a:oracle:siebel_ui_framework:16.1","cpe:2.3:a:oracle:siebel_ui_framework:17.0","cpe:2.3:a:oracle:siebel_ui_framework:18.0","cpe:2.3:a:oracle:siebel_ui_framework:18.10","cpe:2.3:a:oracle:siebel_ui_framework:18.11","cpe:2.3:a:oracle:siebel_ui_framework:18.7","cpe:2.3:a:oracle:siebel_ui_framework:18.8","cpe:2.3:a:oracle:siebel_ui_framework:18.9","cpe:2.3:a:oracle:siebel_ui_framework:19.0","cpe:2.3:a:oracle:siebel_ui_framework:19.10","cpe:2.3:a:oracle:siebel_ui_framework:19.7","cpe:2.3:a:oracle:siebel_ui_framework:19.8","cpe:2.3:a:oracle:siebel_ui_framework:20.1","cpe:2.3:a:oracle:siebel_ui_framework:20.2","cpe:2.3:a:oracle:siebel_ui_framework:20.5","cpe:2.3:a:oracle:siebel_ui_framework:8.1.1","cpe:2.3:a:oracle:siebel_ui_framework:8.2.2","cpe:2.3:a:oracle:transportation_management:6.3.7","cpe:2.3:a:oracle:workload_manager:12.2.0.1","cpe:2.3:a:oracle:workload_manager:18c","cpe:2.3:a:oracle:workload_manager:19c","cpe:2.3:o:debian:debian_linux:10.0","cpe:2.3:o:debian:debian_linux:8.0","cpe:2.3:o:debian:debian_linux:9.0","cpe:2.3:o:fedoraproject:fedora:30","cpe:2.3:o:fedoraproject:fedora:31","cpe:2.3:o:fedoraproject:fedora:32","cpe:2.3:o:opensuse:leap:15.1"]}