Affects Version/s: FIS 2.0
Fix Version/s: fuse-7.0
Component/s: FIS-Productization Pipeline
Sprint: Fuse 7.0 Sprint 27
Security Sensitive Issue: This issue is security relevant
Security Tracking Issue
Do not make this issue public.
This bug is subject to the Security Errata Policy.
The overall impact of the blocking security issue(s) is Moderate. Based on this impact, this bug must be resolved by 23-Feb-2019.
Please refer to the Security Errata Policy documentation for further details: https://docs.prodsec.redhat.com/policy-guide/#policy-errata
CVE-2018-1305 tomcat: Late application of security constraints can lead to resource exposure for unauthorised users
Apache Tomcat versions 7.0.0 to 7.0.84, 8.0.0.RC1 to 8.0.49 and 8.5.0 to 8.5.27 only apply security constraints defined by Servlets once those Servlets are loaded. Depending on the order in which Servlets load, some security constraints may not be applied, leading to unintended resource exposure.