CVE-2018-8014: Insecure Default Initialization of Resource

May 16, 2018 (updated October 3, 2019)

The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable supportsCredentials for all origins.

References

tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
www.securityfocus.com/bid/104203
www.securitytracker.com/id/1040998
www.securitytracker.com/id/1041888
nvd.nist.gov/vuln/detail/CVE-2018-8014

Code Behaviors & Features

Detect and mitigate CVE-2018-8014 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →