Tomcat security bypass CVE-2018-1304
Issue
CVE-2018-1304 was assigned to a Servlet security bypass flaw in Tomcat. This flaw caused a security constraint (@ServletSecurity annotation or web.xml configuration) to be ignored when an empty URL pattern was specified. This flaw affects Tomcat 7, 8 and 9.
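One way to check whether a deployed application relies on the affected configuration, as an added example that is not part of the original article: the script below scans a web.xml for security constraints whose url-pattern is empty. The sample descriptor and all function names are constructed for illustration, and @ServletSecurity annotations are not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the article): the first constraint
# uses the empty URL pattern, the second an ordinary path pattern.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>root</web-resource-name>
      <url-pattern></url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>auditor</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""


def local(tag):
    """Strip the XML namespace so namespaced and plain descriptors both match."""
    return tag.rsplit("}", 1)[-1]


def descendants(elem, name):
    return [c for c in elem.iter() if local(c.tag) == name]


def find_empty_pattern_constraints(web_xml_text):
    """Return one finding per web-resource-collection with an empty url-pattern."""
    findings = []
    root = ET.fromstring(web_xml_text)
    for constraint in descendants(root, "security-constraint"):
        roles = [(r.text or "").strip() for r in descendants(constraint, "role-name")]
        for coll in descendants(constraint, "web-resource-collection"):
            patterns = [(p.text or "") for p in descendants(coll, "url-pattern")]
            # Assumption: a whitespace-only pattern is treated as empty here.
            if any(p.strip() == "" for p in patterns):
                names = [(n.text or "").strip() for n in descendants(coll, "web-resource-name")]
                findings.append({"resource": names[0] if names else "", "roles": roles})
    return findings


if __name__ == "__main__":
    for finding in find_empty_pattern_constraints(SAMPLE_WEB_XML):
        print("security-constraint with empty url-pattern:", finding)
```

Any finding marks a constraint that an affected Tomcat would have ignored, so those applications are the ones to prioritise for patching and access review.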
Environment
Red Hat Enterprise Linux 7
Red Hat JBoss Enterprise Application Platform 6.4
Red Hat JBoss Web Server 3.1