On 20/06/18 18:16, Bradley, Richard wrote:
> Hello,
>
> Tomcat version: 8.5.31
> O/S: Windows Server 2008 R2
>
> McAfee vulnerability checker has reported a MEDIUM level vulnerability as
> follows:
>
> Vulnerability: CVE-2018-8014: Apache Tomcat Vulnerability Prior To 8.5.32
> [FID 23621]
>
> Apache Software Foundation reports this in annou...@tomcat.apache.org
> <https://lists.apache.org/list.html?annou...@tomcat.apache.org>:
>
> CVE-2018-8014 Insecure defaults for CORS filter
>
> and the only mitigation is to "Configure the filter appropriately for your
> environment"
>
> My question is:
>
> What if you don't have a CORS filter configured anywhere in the Tomcat and
> web apps associated web.xml files?

You have nothing to worry about. Well, apart from the poor quality of your vulnerability scanner that looks like it is reporting a CORS issue without checking to see if CORS headers are being sent.

Mark
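
One way to answer the question in this thread from the configuration itself, as an added example that is not part of either message or of Tomcat: parse a web.xml and report every active `org.apache.catalina.filters.CorsFilter` declaration, together with which of its init-params are left to the defaults. The two sample descriptors are constructed, and the reviewed parameter names `cors.allowed.origins` and `cors.support.credentials` are the filter's own init-params.

```python
import xml.etree.ElementTree as ET

CORS_FILTER_CLASS = "org.apache.catalina.filters.CorsFilter"
# Init-params to review; a missing one means the Tomcat default applies.
REVIEW_PARAMS = ("cors.allowed.origins", "cors.support.credentials")

def _local(tag):
    """Drop the XML namespace so any servlet-spec version of web.xml matches."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def find_cors_filters(web_xml_text):
    """Return one finding per active CorsFilter declaration in a web.xml."""
    findings = []
    for elem in ET.fromstring(web_xml_text).iter():
        if _local(elem.tag) != "filter" or _text(elem, "filter-class") != CORS_FILTER_CLASS:
            continue
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in elem if _local(p.tag) == "init-param"}
        findings.append({"name": _text(elem, "filter-name"), "params": params,
                         "defaulted": [k for k in REVIEW_PARAMS if k not in params]})
    return findings

# Constructed sample: the only CorsFilter is commented out, so it is inactive.
SAMPLE_NO_CORS = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <!-- <filter><filter-name>CorsFilter</filter-name>
       <filter-class>org.apache.catalina.filters.CorsFilter</filter-class></filter> -->
  <servlet><servlet-name>default</servlet-name></servlet>
</web-app>"""

# Constructed sample: the filter is declared with only one init-param set.
SAMPLE_CORS = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name>
      <param-value>https://app.example.com</param-value></init-param>
  </filter>
</web-app>"""

if __name__ == "__main__":
    for label, doc in (("no-cors", SAMPLE_NO_CORS), ("cors", SAMPLE_CORS)):
        print(label, find_cors_filters(doc))
```

Because the descriptor is parsed rather than searched as text, a commented-out filter block does not count as a declaration. An empty result for Tomcat's own web.xml and for every web application's web.xml is the "no CORS filter configured anywhere" case asked about above.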