製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Tomcat の RequestUtil.java におけるディレクトリトラバーサルの脆弱性

Title	Apache Tomcat の RequestUtil.java におけるディレクトリトラバーサルの脆弱性
Summary	Apache Tomcat の RequestUtil.java には、ディレクトリトラバーサルの脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、getResource、getResourceAsStream、または getResourcePaths コールの Web アプリケーションで使用される、/.. (スラッシュドットドット) を含むパス名を介して、SecurityManager 制限を回避され、親ディレクトリをリストされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 17, 2015, midnight
Registration Date	Feb. 26, 2016, 11:38 a.m.
Last Update	Dec. 5, 2016, 5:01 p.m.

CVSS2.0 : 警告
Score	4
Vector	AV:N/AC:L/Au:S/C:P/I:N/A:N

Affected System

Apache Software Foundation

Apache Tomcat 6.0.45 未満の 6.x

Apache Tomcat 7.0.65 未満の 7.x

Apache Tomcat 8.0.27 未満の 8.x

Debian

Debian GNU/Linux

Canonical

Ubuntu

ヒューレット・パッカード・エンタープライズ

HP-UX Tomcat-based Servlet Engine

OpenVMS CSWS JAVA

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-5174	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
National Vulnerability Database (NVD)
2	CVE-2015-5174	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5174

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Apache Tomcat 6.x vulnerabilities	http://tomcat.apache.org/security-6.html
2	Apache Tomcat 7.x vulnerabilities	http://tomcat.apache.org/security-7.html
3	Apache Tomcat 8.x vulnerabilities	http://tomcat.apache.org/security-8.html
Apache-SVN
4	Revision 1696281	http://svn.apache.org/viewvc?view=revision&revision=1696281
5	Revision 1696284	http://svn.apache.org/viewvc?view=revision&revision=1696284
6	Revision 1700897	http://svn.apache.org/viewvc?view=revision&revision=1700897
7	Revision 1700898	http://svn.apache.org/viewvc?view=revision&revision=1700898
8	Revision 1700900	http://svn.apache.org/viewvc?view=revision&revision=1700900
Debian Security Advisory
9	DSA-3530	http://www.debian.org/security/2016/dsa-3530
10	DSA-3552	http://www.debian.org/security/2016/dsa-3552
11	DSA-3609	http://www.debian.org/security/2016/dsa-3609
HPE Security Bulletin
12	HPSBOV03615	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158626
13	HPSBUX03561	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
14	HPSBUX03606	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150442
Red Hat Security Advisory
15	RHSA-2016:1433	https://access.redhat.com/errata/RHSA-2016:1433
16	RHSA-2016:1434	https://access.redhat.com/errata/RHSA-2016:1434
17	RHSA-2016:1435	http://rhn.redhat.com/errata/RHSA-2016-1435.html
18	RHSA-2016:2045	http://rhn.redhat.com/errata/RHSA-2016-2045.html
Ubuntu Security Notice
19	USN-3024-1	http://www.ubuntu.com/usn/USN-3024-1/

その他

No	Name	URL
JVN
1	JVNVU#94679988	http://jvn.jp/vu/JVNVU94679988/index.html

Change Log

No	Changed Details	Date of change
0	[2016年02月26日] 掲載 [2016年06月24日] ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBUX03606) を追加ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBOV03615) を追加 [2016年09月06日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：レッドハット (RHSA-2016:1433) を追加ベンダ情報：レッドハット (RHSA-2016:1434) を追加ベンダ情報：レッドハット (RHSA-2016:1435) を追加ベンダ情報：Debian (DSA-3530) を追加ベンダ情報：Debian (DSA-3552) を追加ベンダ情報：Debian (DSA-3609) を追加ベンダ情報：Canonical (USN-3024-1) を追加 [2016年09月07日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBUX03561) を追加 [2016年12月05日] ベンダ情報：レッドハット (RHSA-2016:2045) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-5174

Summary	Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Publication Date	Feb. 25, 2016, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:52 p.m.
Last Update	Nov. 21, 2024, 11:32 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:6.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
2	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
3	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
4	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
5	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
6	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
7	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
8	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
9	http://marc.info/?l=bugtraq&m=145974991225029&w=2
10	http://marc.info/?l=bugtraq&m=145974991225029&w=2
11	http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
12	http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
13	http://rhn.redhat.com/errata/RHSA-2016-1435.html
14	http://rhn.redhat.com/errata/RHSA-2016-1435.html
15	http://rhn.redhat.com/errata/RHSA-2016-2045.html
16	http://rhn.redhat.com/errata/RHSA-2016-2045.html
17	http://rhn.redhat.com/errata/RHSA-2016-2599.html
18	http://rhn.redhat.com/errata/RHSA-2016-2599.html
19	http://seclists.org/bugtraq/2016/Feb/149
20	http://seclists.org/bugtraq/2016/Feb/149
21	http://svn.apache.org/viewvc?view=revision&revision=1696281
22	http://svn.apache.org/viewvc?view=revision&revision=1696281
23	http://svn.apache.org/viewvc?view=revision&revision=1696284
24	http://svn.apache.org/viewvc?view=revision&revision=1696284
25	http://svn.apache.org/viewvc?view=revision&revision=1700897
26	http://svn.apache.org/viewvc?view=revision&revision=1700897
27	http://svn.apache.org/viewvc?view=revision&revision=1700898
28	http://svn.apache.org/viewvc?view=revision&revision=1700898
29	http://svn.apache.org/viewvc?view=revision&revision=1700900
30	http://svn.apache.org/viewvc?view=revision&revision=1700900
31	http://tomcat.apache.org/security-6.html	Vendor Advisory
32	http://tomcat.apache.org/security-6.html	Vendor Advisory
33	http://tomcat.apache.org/security-7.html	Vendor Advisory
34	http://tomcat.apache.org/security-7.html	Vendor Advisory
35	http://tomcat.apache.org/security-8.html	Vendor Advisory
36	http://tomcat.apache.org/security-8.html	Vendor Advisory
37	http://www.debian.org/security/2016/dsa-3530
38	http://www.debian.org/security/2016/dsa-3530
39	http://www.debian.org/security/2016/dsa-3552
40	http://www.debian.org/security/2016/dsa-3552
41	http://www.debian.org/security/2016/dsa-3609
42	http://www.debian.org/security/2016/dsa-3609
43	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
44	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
45	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
46	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
47	http://www.securityfocus.com/bid/83329
48	http://www.securityfocus.com/bid/83329
49	http://www.securitytracker.com/id/1035070
50	http://www.securitytracker.com/id/1035070
51	http://www.ubuntu.com/usn/USN-3024-1
52	http://www.ubuntu.com/usn/USN-3024-1
53	https://access.redhat.com/errata/RHSA-2016:1432
54	https://access.redhat.com/errata/RHSA-2016:1432
55	https://access.redhat.com/errata/RHSA-2016:1433
56	https://access.redhat.com/errata/RHSA-2016:1433
57	https://access.redhat.com/errata/RHSA-2016:1434
58	https://access.redhat.com/errata/RHSA-2016:1434
59	https://bto.bluecoat.com/security-advisory/sa118
60	https://bto.bluecoat.com/security-advisory/sa118
61	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
62	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
63	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
64	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
65	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
66	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
67	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
68	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
69	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
70	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
71	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
72	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
73	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
74	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
75	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
76	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
77	https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E
78	https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E
79	https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E
80	https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E
81	https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E
82	https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E
83	https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E
84	https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E
85	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
86	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
87	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
88	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
89	https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E
90	https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E
91	https://security.gentoo.org/glsa/201705-09
92	https://security.gentoo.org/glsa/201705-09
93	https://security.netapp.com/advisory/ntap-20180531-0001/
94	https://security.netapp.com/advisory/ntap-20180531-0001/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:6.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*