CLSA-2026-1777884162

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1777884162

Upstream

CVE-2018-8014

Published

2026-05-04T08:42:46Z

Modified

2026-06-04T09:47:03.641733891Z

Summary

Fix CVE(s): CVE-2018-8014

Details

Fix build process:
- debian/keystores/ca-cert.pem, ca.jks: regenerate self-signed test CA using the existing ca-key.pem (previous CA valid only until 21.03.2025). New validity: 21.04.2026 to 18.04.2036.
- debian/keystores/localhost-cert.pem, localhost.jks, localhost-copy1.jks: re-issue against the new CA to keep the chain consistent. Existing localhost-key.pem is preserved.
- debian/keystores/user1-cert.pem, user1.jks: re-issue against the new CA using the existing user1-key.pem (previous cert valid only until 21.03.2025).
- debian/keystores/updating-certs.txt: refresh the procedure notes with current serials and expiry dates.
SECURITY UPDATE: Insecure default configuration of the CORS filter allowed cross-origin requests with credentials from any origin. The default settings enabled supportsCredentials alongside a wildcard allowedOrigins. Affects Apache Tomcat 7.0.41 to 7.0.88.
- debian/patches/CVE-2018-8014.patch: Change default allowedOrigins to empty and default supportsCredentials to false in the CORS filter, reject the unsafe combination of supportsCredentials=true with allowedOrigins=* at configuration time, and simplify the handleSimpleCORS logic accordingly. Backport of upstream commit d83a76732e. Note: applications relying on the previous permissive defaults must configure the filter explicitly.
- CVE-2018-8014

References

https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2026-1777884162.html

Affected packages

TuxCare:Ubuntu:16.04

libservlet3.0-java

Package

Name: libservlet3.0-java
Purl: pkg:deb/tuxcare/libservlet3.0-java?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

libservlet3.0-java-doc

Package

Name: libservlet3.0-java-doc
Purl: pkg:deb/tuxcare/libservlet3.0-java-doc?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

libtomcat7-java

Package

Name: libtomcat7-java
Purl: pkg:deb/tuxcare/libtomcat7-java?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

tomcat7

Package

Name: tomcat7
Purl: pkg:deb/tuxcare/tomcat7?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

tomcat7-admin

Package

Name: tomcat7-admin
Purl: pkg:deb/tuxcare/tomcat7-admin?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

tomcat7-common

Package

Name: tomcat7-common
Purl: pkg:deb/tuxcare/tomcat7-common?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

tomcat7-docs

Package

Name: tomcat7-docs
Purl: pkg:deb/tuxcare/tomcat7-docs?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

tomcat7-examples

Package

Name: tomcat7-examples
Purl: pkg:deb/tuxcare/tomcat7-examples?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"

tomcat7-user

Package

Name: tomcat7-user
Purl: pkg:deb/tuxcare/tomcat7-user?distro=ubuntu-16.04

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.68-1ubuntu0.4+tuxcare.els3

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777884162.json"