On 20/06/18 18:16, Bradley, Richard wrote:
> Hello,
> Tomcat version: 8.5.31
> O/S: Windows Server 2008 R2
> McAfee vulnerability checker has reported a MEDIUM level vulnerability as
> follows:
> Vulnerability: CVE-2018-8014: Apache Tomcat Vulnerability Prior To 8.5.32
> [FID 23621]
> Apache Software Foundation reports this in  annou...@tomcat.apache.org
> <https://lists.apache.org/list.html?annou...@tomcat.apache.org>:
> CVE-2018-8014 Insecure defaults for CORS filter
> and the only mitigation is to "Configure the filter appropriately for your
> environment"
> My question is:
> What if you don't have a CORS filter configured anywhere in the Tomcat and
> web apps associated web.xml files?

You have nothing to worry about.

Well, apart from the poor quality of your vulnerability scanner that
looks like it is reporting a CORS issue without checking to see if CORS
headers are being sent.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to